Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-22235 (GCVE-0-2025-22235)
Vulnerability from cvelistv5 – Published: 2025-04-28 07:10 – Updated: 2025-05-16 23:03- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Boot |
Affected:
2.7.x , < 2.7.25
(Enterprise Support Only)
Affected: 3.1.x , < 3.1.16 (Enterprise Support Only) Affected: 3.2.x , < 3.2.14 (Enterprise Support Only) Affected: 3.3.x , < 3.3.11 (OSS) Affected: 3.4.x , < 3.4.5 (OSS) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T16:16:38.622106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:18:23.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-16T23:03:06.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250516-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Boot",
"vendor": "Spring",
"versions": [
{
"lessThan": "2.7.25",
"status": "affected",
"version": "2.7.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "3.1.16",
"status": "affected",
"version": "3.1.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "3.2.14",
"status": "affected",
"version": "3.2.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "3.3.11",
"status": "affected",
"version": "3.3.x",
"versionType": "OSS"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.x",
"versionType": "OSS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;creates a matcher for \u003ccode\u003enull/**\u003c/code\u003e\u0026nbsp;if the actuator endpoint, for which the \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;has been created, is disabled or not exposed.\u003c/p\u003e\u003cp\u003eYour application may be affected by this if all the following conditions are met:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou use Spring Security\u003c/li\u003e\u003cli\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;has been used in a Spring Security chain configuration\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;references is disabled or not exposed via web\u003c/li\u003e\u003cli\u003eYour application handles requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;and this path needs protection\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eYou are not affected if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou don\u0027t use Spring Security\u003c/li\u003e\u003cli\u003eYou don\u0027t use \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;refers to is enabled and is exposed\u003c/li\u003e\u003cli\u003eYour application does not handle requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;or this path does not need protection\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n * You use Spring Security\n * EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n * The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n * Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n * You don\u0027t use Spring Security\n * You don\u0027t use EndpointRequest.to()\n * The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n * Your application does not handle requests to /null\u00a0or this path does not need protection"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T07:10:35.370Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2025-22235"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22235",
"datePublished": "2025-04-28T07:10:35.370Z",
"dateReserved": "2025-01-02T04:30:06.832Z",
"dateUpdated": "2025-05-16T23:03:06.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-22235",
"date": "2026-07-10",
"epss": "0.00358",
"percentile": "0.27893"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-22235\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2025-04-28T08:15:15.273\",\"lastModified\":\"2026-06-17T08:45:48.460\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\\n\\nYour application may be affected by this if all the following conditions are met:\\n\\n * You use Spring Security\\n * EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\\n * The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\\n * Your application handles requests to /null\u00a0and this path needs protection\\n\\n\\nYou are not affected if any of the following is true:\\n\\n * You don\u0027t use Spring Security\\n * You don\u0027t use EndpointRequest.to()\\n * The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\\n * Your application does not handle requests to /null\u00a0or this path does not need protection\"},{\"lang\":\"es\",\"value\":\"EndpointRequest.to() crea un comparador para null/** si el endpoint del actuador, para el que se cre\u00f3 EndpointRequest, est\u00e1 deshabilitado o no est\u00e1 expuesto. Su aplicaci\u00f3n puede verse afectada si se cumplen todas las siguientes condiciones: * Utiliza Spring Security * EndpointRequest.to() se ha utilizado en una configuraci\u00f3n de cadena de Spring Security * El punto final al que EndpointRequest hace referencia est\u00e1 deshabilitado o no est\u00e1 expuesto a trav\u00e9s de la web * Su aplicaci\u00f3n gestiona solicitudes a /null y esta ruta necesita protecci\u00f3n no se ver\u00e1 afectado si se cumple alguna de las siguientes condiciones: * No utiliza Spring Security * No utiliza EndpointRequest.to() * El endpoint al que EndpointRequest.to() hace referencia est\u00e1 habilitado y est\u00e1 expuesto * Su aplicaci\u00f3n no gestiona solicitudes a /null o esta ruta no necesita protecci\u00f3n\"}],\"affected\":[{\"source\":\"security@vmware.com\",\"affectedData\":[{\"vendor\":\"Spring\",\"product\":\"Spring Boot\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"2.7.x\",\"lessThan\":\"2.7.25\",\"versionType\":\"Enterprise Support Only\",\"status\":\"affected\"},{\"version\":\"3.1.x\",\"lessThan\":\"3.1.16\",\"versionType\":\"Enterprise Support Only\",\"status\":\"affected\"},{\"version\":\"3.2.x\",\"lessThan\":\"3.2.14\",\"versionType\":\"Enterprise Support Only\",\"status\":\"affected\"},{\"version\":\"3.3.x\",\"lessThan\":\"3.3.11\",\"versionType\":\"OSS\",\"status\":\"affected\"},{\"version\":\"3.4.x\",\"lessThan\":\"3.4.5\",\"versionType\":\"OSS\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-04-28T16:16:38.622106Z\",\"id\":\"CVE-2025-22235\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://spring.io/security/cve-2025-22235\",\"source\":\"security@vmware.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250516-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-05-05T10:05:50+00:00",
"cve": "CVE-2025-22235",
"id": "CVE-2025-22235",
"initial_release_date": "2025-04-28T07:10:35.370000+00:00",
"product_status:known_affected": "8",
"product_status:known_not_affected": "13",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22235.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250516-0010/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-16T23:03:06.227Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22235\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-28T16:16:38.622106Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-28T16:18:14.845Z\"}}], \"cna\": {\"title\": \"Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Spring\", \"product\": \"Spring Boot\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.7.x\", \"lessThan\": \"2.7.25\", \"versionType\": \"Enterprise Support Only\"}, {\"status\": \"affected\", \"version\": \"3.1.x\", \"lessThan\": \"3.1.16\", \"versionType\": \"Enterprise Support Only\"}, {\"status\": \"affected\", \"version\": \"3.2.x\", \"lessThan\": \"3.2.14\", \"versionType\": \"Enterprise Support Only\"}, {\"status\": \"affected\", \"version\": \"3.3.x\", \"lessThan\": \"3.3.11\", \"versionType\": \"OSS\"}, {\"status\": \"affected\", \"version\": \"3.4.x\", \"lessThan\": \"3.4.5\", \"versionType\": \"OSS\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://spring.io/security/cve-2025-22235\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"EndpointRequest.to()\\u00a0creates a matcher for null/**\\u00a0if the actuator endpoint, for which the EndpointRequest\\u00a0has been created, is disabled or not exposed.\\n\\nYour application may be affected by this if all the following conditions are met:\\n\\n * You use Spring Security\\n * EndpointRequest.to()\\u00a0has been used in a Spring Security chain configuration\\n * The endpoint which EndpointRequest\\u00a0references is disabled or not exposed via web\\n * Your application handles requests to /null\\u00a0and this path needs protection\\n\\n\\nYou are not affected if any of the following is true:\\n\\n * You don\u0027t use Spring Security\\n * You don\u0027t use EndpointRequest.to()\\n * The endpoint which EndpointRequest.to()\\u00a0refers to is enabled and is exposed\\n * Your application does not handle requests to /null\\u00a0or this path does not need protection\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;creates a matcher for \u003ccode\u003enull/**\u003c/code\u003e\u0026nbsp;if the actuator endpoint, for which the \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;has been created, is disabled or not exposed.\u003c/p\u003e\u003cp\u003eYour application may be affected by this if all the following conditions are met:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou use Spring Security\u003c/li\u003e\u003cli\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;has been used in a Spring Security chain configuration\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;references is disabled or not exposed via web\u003c/li\u003e\u003cli\u003eYour application handles requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;and this path needs protection\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eYou are not affected if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou don\u0027t use Spring Security\u003c/li\u003e\u003cli\u003eYou don\u0027t use \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;refers to is enabled and is exposed\u003c/li\u003e\u003cli\u003eYour application does not handle requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;or this path does not need protection\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2025-04-28T07:10:35.370Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-22235\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-16T23:03:06.227Z\", \"dateReserved\": \"2025-01-02T04:30:06.832Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2025-04-28T07:10:35.370Z\", \"assignerShortName\": \"vmware\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2026-AVI-0322
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu GemFire C++ et .NET Framework Clients versions antérieures à 10.4.8 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.0.19 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.1.10 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.2.5 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.1.10 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.2.5 | ||
| VMware | Tanzu | Tanzu GemFire Session Management versions antérieures à 1.1.1 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 3.13.14 | ||
| VMware | Tanzu | Tanzu GemFire Search versions antérieures à 1.2.1 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.0.19 | ||
| VMware | Tanzu | Tanzu GemFire sur Kubernetes versions antérieures à 2.6.2 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 3.13.14 | ||
| VMware | Tanzu | Tanzu GemFire versions antérieures à 10.0.8 | ||
| VMware | Tanzu | Tanzu GemFire Vector Database versions antérieures à 1.2.1 | ||
| VMware | Tanzu | Tanzu Data Flow sur Kubernetes versions antérieures à 2.0.4 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu GemFire C++ et .NET Framework Clients versions ant\u00e9rieures \u00e0 10.4.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.1.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.2.5",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.1.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.5",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Session Management versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 3.13.14",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Search versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire sur Kubernetes versions ant\u00e9rieures \u00e0 2.6.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 3.13.14",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.0.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Vector Database versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow sur Kubernetes versions ant\u00e9rieures \u00e0 2.0.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2024-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2026-25518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25518"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0322",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37257",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37257"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37260",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37260"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37259",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37259"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37255",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37255"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37253",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37253"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37262",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37262"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37251",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37251"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37252",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37252"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37261",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37261"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37256",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37256"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37248",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37248"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37258",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37258"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37250",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37250"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37254",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37254"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37249",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37249"
}
]
}
CERTFR-2026-AVI-0788
Vulnerability from certfr_avis - Published: 2026-06-19 - Updated: 2026-06-19
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité | ||
| IBM | N/A | WebSphere Application Server versions 8.5.0 sans les derniers correctifs de sécurité | ||
| IBM | N/A | IBM QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP15 IF04 | ||
| IBM | N/A | WebSphere Application Server - Liberty versions 17.x à 26.x sans les derniers correctifs de sécurité | ||
| IBM | N/A | DB2 Query Management Facility versions 12.2.0.5 sans les derniers correctifs de sécurité | ||
| IBM | N/A | Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent versions 7.3.0 Fix Pack 4 sans les derniers correctifs de sécurité | ||
| IBM | N/A | Security QRadar Log Management AQL Plugin versions 1.x antérieures à 1.1.6 | ||
| IBM | N/A | Sterling Connect:Direct Web Services versions 6.3.0 antérieures à 6.3.0.19 | ||
| IBM | N/A | Sterling Connect:Direct Web Services versions 6.4.0 antérieures à 6.4.0.8 | ||
| IBM | N/A | Sterling B2B Integrator et IBM Sterling File Gateway versions 6.2.1 antérieures à 6.2.1.2 | ||
| IBM | N/A | DB2 Query Management Facility versions 13.1.x sans les derniers correctifs de sécurité | ||
| IBM | N/A | WebSphere Application Server versions 9.0.0 à 9.0.5.28 sans les derniers correctifs de sécurité | ||
| IBM | N/A | Sterling Connect:Direct File Agent versions 1.4.0.3 à 1.4.0.5_iFi011 pour AIX, Linux x64, Linux PPC et Windows sans le correctif de sécurité 1.4.0.5_iFix012 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP15 IF04",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server - Liberty versions 17.x \u00e0 26.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility versions 12.2.0.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent versions 7.3.0 Fix Pack 4 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Log Management AQL Plugin versions 1.x ant\u00e9rieures \u00e0 1.1.6",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.0 ant\u00e9rieures \u00e0 6.3.0.19",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.4.0 ant\u00e9rieures \u00e0 6.4.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator et IBM Sterling File Gateway versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility versions 13.1.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.0 \u00e0 9.0.5.28 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent versions 1.4.0.3 \u00e0 1.4.0.5_iFi011 pour AIX, Linux x64, Linux PPC et Windows sans le correctif de s\u00e9curit\u00e9 1.4.0.5_iFix012",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-6474",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6474"
},
{
"name": "CVE-2026-44289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44289"
},
{
"name": "CVE-2026-6472",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6472"
},
{
"name": "CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2026-6479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6479"
},
{
"name": "CVE-2026-44293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44293"
},
{
"name": "CVE-2026-44290",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44290"
},
{
"name": "CVE-2026-40355",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40355"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2026-41305",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41305"
},
{
"name": "CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"name": "CVE-2026-45740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45740"
},
{
"name": "CVE-2026-43284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43284"
},
{
"name": "CVE-2026-39824",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39824"
},
{
"name": "CVE-2026-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40977"
},
{
"name": "CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"name": "CVE-2026-32635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32635"
},
{
"name": "CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"name": "CVE-2026-41988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41988"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2026-6637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6637"
},
{
"name": "CVE-2026-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41242"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"name": "CVE-2026-6473",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6473"
},
{
"name": "CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"name": "CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"name": "CVE-2026-5758",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5758"
},
{
"name": "CVE-2026-27136",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27136"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"name": "CVE-2026-40356",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40356"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2026-44288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44288"
},
{
"name": "CVE-2026-8646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8646"
},
{
"name": "CVE-2026-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2026-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6638"
},
{
"name": "CVE-2026-9320",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9320"
},
{
"name": "CVE-2026-40975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40975"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-42506",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42506"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2025-41235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41235"
},
{
"name": "CVE-2026-46300",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46300"
},
{
"name": "CVE-2026-25680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25680"
},
{
"name": "CVE-2026-6478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6478"
},
{
"name": "CVE-2026-10845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
},
{
"name": "CVE-2026-6475",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6475"
},
{
"name": "CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"name": "CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"name": "CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"name": "CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"name": "CVE-2026-44291",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44291"
},
{
"name": "CVE-2026-42583",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
},
{
"name": "CVE-2026-41680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41680"
},
{
"name": "CVE-2026-44292",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44292"
},
{
"name": "CVE-2026-29181",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29181"
},
{
"name": "CVE-2026-6477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6477"
},
{
"name": "CVE-2026-42502",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42502"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2026-8723",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8723"
},
{
"name": "CVE-2026-25681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25681"
},
{
"name": "CVE-2026-40973",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40973"
},
{
"name": "CVE-2026-46333",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46333"
},
{
"name": "CVE-2026-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41035"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2026-9330",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9330"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2026-9311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9311"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2026-41238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41238"
},
{
"name": "CVE-2026-9071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9071"
},
{
"name": "CVE-2026-9006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2026-44294",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44294"
},
{
"name": "CVE-2026-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
},
{
"name": "CVE-2025-14813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
},
{
"name": "CVE-2026-41907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41907"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
}
],
"initial_release_date": "2026-06-19T00:00:00",
"last_revision_date": "2026-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0788",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276427",
"url": "https://www.ibm.com/support/pages/node/7276427"
},
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276831",
"url": "https://www.ibm.com/support/pages/node/7276831"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276430",
"url": "https://www.ibm.com/support/pages/node/7276430"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276432",
"url": "https://www.ibm.com/support/pages/node/7276432"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276433",
"url": "https://www.ibm.com/support/pages/node/7276433"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276620",
"url": "https://www.ibm.com/support/pages/node/7276620"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276616",
"url": "https://www.ibm.com/support/pages/node/7276616"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276425",
"url": "https://www.ibm.com/support/pages/node/7276425"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276597",
"url": "https://www.ibm.com/support/pages/node/7276597"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276428",
"url": "https://www.ibm.com/support/pages/node/7276428"
},
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276761",
"url": "https://www.ibm.com/support/pages/node/7276761"
},
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276816",
"url": "https://www.ibm.com/support/pages/node/7276816"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276589",
"url": "https://www.ibm.com/support/pages/node/7276589"
},
{
"published_at": "2026-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276832",
"url": "https://www.ibm.com/support/pages/node/7276832"
},
{
"published_at": "2026-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276187",
"url": "https://www.ibm.com/support/pages/node/7276187"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276426",
"url": "https://www.ibm.com/support/pages/node/7276426"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276579",
"url": "https://www.ibm.com/support/pages/node/7276579"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276303",
"url": "https://www.ibm.com/support/pages/node/7276303"
},
{
"published_at": "2026-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276193",
"url": "https://www.ibm.com/support/pages/node/7276193"
},
{
"published_at": "2026-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276939",
"url": "https://www.ibm.com/support/pages/node/7276939"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276600",
"url": "https://www.ibm.com/support/pages/node/7276600"
},
{
"published_at": "2026-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276189",
"url": "https://www.ibm.com/support/pages/node/7276189"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276429",
"url": "https://www.ibm.com/support/pages/node/7276429"
},
{
"published_at": "2026-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276392",
"url": "https://www.ibm.com/support/pages/node/7276392"
},
{
"published_at": "2026-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7276185",
"url": "https://www.ibm.com/support/pages/node/7276185"
}
]
}
FKIE_CVE-2025-22235
Vulnerability from fkie_nvd - Published: 2025-04-28 08:15 - Updated: 2026-06-17 08:45| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Spring Boot",
"vendor": "Spring",
"versions": [
{
"lessThan": "2.7.25",
"status": "affected",
"version": "2.7.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "3.1.16",
"status": "affected",
"version": "3.1.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "3.2.14",
"status": "affected",
"version": "3.2.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "3.3.11",
"status": "affected",
"version": "3.3.x",
"versionType": "OSS"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.x",
"versionType": "OSS"
}
]
}
],
"source": "security@vmware.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n * You use Spring Security\n * EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n * The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n * Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n * You don\u0027t use Spring Security\n * You don\u0027t use EndpointRequest.to()\n * The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n * Your application does not handle requests to /null\u00a0or this path does not need protection"
},
{
"lang": "es",
"value": "EndpointRequest.to() crea un comparador para null/** si el endpoint del actuador, para el que se cre\u00f3 EndpointRequest, est\u00e1 deshabilitado o no est\u00e1 expuesto. Su aplicaci\u00f3n puede verse afectada si se cumplen todas las siguientes condiciones: * Utiliza Spring Security * EndpointRequest.to() se ha utilizado en una configuraci\u00f3n de cadena de Spring Security * El punto final al que EndpointRequest hace referencia est\u00e1 deshabilitado o no est\u00e1 expuesto a trav\u00e9s de la web * Su aplicaci\u00f3n gestiona solicitudes a /null y esta ruta necesita protecci\u00f3n no se ver\u00e1 afectado si se cumple alguna de las siguientes condiciones: * No utiliza Spring Security * No utiliza EndpointRequest.to() * El endpoint al que EndpointRequest.to() hace referencia est\u00e1 habilitado y est\u00e1 expuesto * Su aplicaci\u00f3n no gestiona solicitudes a /null o esta ruta no necesita protecci\u00f3n"
}
],
"id": "CVE-2025-22235",
"lastModified": "2026-06-17T08:45:48.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "security@vmware.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-22235",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T16:16:38.622106Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-04-28T08:15:15.273",
"references": [
{
"source": "security@vmware.com",
"url": "https://spring.io/security/cve-2025-22235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250516-0010/"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@vmware.com",
"type": "Secondary"
}
]
}
GHSA-RC42-6C7J-7H5R
Vulnerability from github – Published: 2025-04-28 09:31 – Updated: 2025-05-17 00:30EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.
Your application may be affected by this if all the following conditions are met:
- You use Spring Security
- EndpointRequest.to() has been used in a Spring Security chain configuration
- The endpoint which EndpointRequest references is disabled or not exposed via web
- Your application handles requests to /null and this path needs protection
You are not affected if any of the following is true:
- You don't use Spring Security
- You don't use EndpointRequest.to()
- The endpoint which EndpointRequest.to() refers to is enabled and is exposed
- Your application does not handle requests to /null or this path does not need protection
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.7.24.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"last_affected": "3.1.15.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.0"
},
{
"last_affected": "3.2.13.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.3.10"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.4.4"
},
"package": {
"ecosystem": "Maven",
"name": "org.springframework.boot:spring-boot"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"fixed": "3.4.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-22235"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-28T20:59:16Z",
"nvd_published_at": "2025-04-28T08:15:15Z",
"severity": "HIGH"
},
"details": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n * You use Spring Security\n * EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n * The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n * Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n * You don\u0027t use Spring Security\n * You don\u0027t use EndpointRequest.to()\n * The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n * Your application does not handle requests to /null\u00a0or this path does not need protection",
"id": "GHSA-rc42-6c7j-7h5r",
"modified": "2025-05-17T00:30:25Z",
"published": "2025-04-28T09:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22235"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-boot"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250516-0010"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2025-22235"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed"
}
WID-SEC-W-2025-0887
Vulnerability from csaf_certbund - Published: 2025-04-24 22:00 - Updated: 2025-11-25 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware Tanzu Spring Boot <3.1.16
VMware Tanzu / Spring Boot
|
<3.1.16 | ||
|
VMware Tanzu Spring Boot <3.2.14
VMware Tanzu / Spring Boot
|
<3.2.14 | ||
|
VMware Tanzu Spring Boot <3.3.11
VMware Tanzu / Spring Boot
|
<3.3.11 | ||
|
VMware Tanzu Spring Boot <3.4.5
VMware Tanzu / Spring Boot
|
<3.4.5 | ||
|
IBM Operational Decision Manager
IBM
|
cpe:/a:ibm:operational_decision_manager:-
|
— | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
VMware Tanzu Spring Boot <2.7.25
VMware Tanzu / Spring Boot
|
<2.7.25 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://spring.io/blog/2025/04/24/spring-boot-CVE… | external |
| https://spring.io/security/cve-2025-22235 | external |
| https://confluence.atlassian.com/security/securit… | external |
| https://www.ibm.com/support/pages/node/7252567 | external |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Spring Boot ist ein Framework zur Entwicklung von Java Anwendungen. Spring Boot basiert auf dem Spring Framework.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Boot ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder nicht n\u00e4her beschriebene Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0887 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0887.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0887 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0887"
},
{
"category": "external",
"summary": "Spring Boot Release Notes vom 2025-04-24",
"url": "https://spring.io/blog/2025/04/24/spring-boot-CVE-2025-22235"
},
{
"category": "external",
"summary": "Spring Security Advisory CVE-2025-22235 vom 2025-04-24",
"url": "https://spring.io/security/cve-2025-22235"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7252567 vom 2025-11-26",
"url": "https://www.ibm.com/support/pages/node/7252567"
}
],
"source_lang": "en-US",
"title": "VMware Tanzu Spring Boot: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-11-25T23:00:00.000+00:00",
"generator": {
"date": "2025-11-26T11:02:13.594+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-0887",
"initial_release_date": "2025-04-24T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-24T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Operational Decision Manager",
"product": {
"name": "IBM Operational Decision Manager",
"product_id": "T005180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.7.25",
"product": {
"name": "VMware Tanzu Spring Boot \u003c2.7.25",
"product_id": "T043156"
}
},
{
"category": "product_version",
"name": "2.7.25",
"product": {
"name": "VMware Tanzu Spring Boot 2.7.25",
"product_id": "T043156-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware_tanzu:spring_boot:2.7.25"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.1.16",
"product": {
"name": "VMware Tanzu Spring Boot \u003c3.1.16",
"product_id": "T043157"
}
},
{
"category": "product_version",
"name": "3.1.16",
"product": {
"name": "VMware Tanzu Spring Boot 3.1.16",
"product_id": "T043157-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware_tanzu:spring_boot:3.1.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.2.14",
"product": {
"name": "VMware Tanzu Spring Boot \u003c3.2.14",
"product_id": "T043158"
}
},
{
"category": "product_version",
"name": "3.2.14",
"product": {
"name": "VMware Tanzu Spring Boot 3.2.14",
"product_id": "T043158-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware_tanzu:spring_boot:3.2.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.3.11",
"product": {
"name": "VMware Tanzu Spring Boot \u003c3.3.11",
"product_id": "T043159"
}
},
{
"category": "product_version",
"name": "3.3.11",
"product": {
"name": "VMware Tanzu Spring Boot 3.3.11",
"product_id": "T043159-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware_tanzu:spring_boot:3.3.11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.4.5",
"product": {
"name": "VMware Tanzu Spring Boot \u003c3.4.5",
"product_id": "T043160"
}
},
{
"category": "product_version",
"name": "3.4.5",
"product": {
"name": "VMware Tanzu Spring Boot 3.4.5",
"product_id": "T043160-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware_tanzu:spring_boot:3.4.5"
}
}
}
],
"category": "product_name",
"name": "Spring Boot"
}
],
"category": "vendor",
"name": "VMware Tanzu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22235",
"product_status": {
"known_affected": [
"T043157",
"T043158",
"T043159",
"T043160",
"T005180",
"T048677",
"T048676",
"T043156",
"T048675"
]
},
"release_date": "2025-04-24T22:00:00.000+00:00",
"title": "CVE-2025-22235"
}
]
}
WID-SEC-W-2026-0351
Vulnerability from csaf_certbund - Published: 2026-02-09 23:00 - Updated: 2026-02-09 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell NetWorker AUTHC <19.14
Dell / NetWorker
|
AUTHC <19.14 | ||
|
Dell NetWorker vCenter User Interface <19.14
Dell / NetWorker
|
vCenter User Interface <19.14 | ||
|
Dell NetWorker Management Web UI <19.14
Dell / NetWorker
|
Management Web UI <19.14 | ||
|
Dell NetWorker Management Console <19.14
Dell / NetWorker
|
Management Console <19.14 | ||
|
Dell NetWorker File-Level Recovery <19.14
Dell / NetWorker
|
File-Level Recovery <19.14 | ||
|
Dell NetWorker REST API <19.14
Dell / NetWorker
|
REST API <19.14 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dell NetWorker stellt zentralisiert Backup- und Recovery-Dienste bereit.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Dell NetWorker ausnutzen, um Angriffe zu starten, die die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit von Systemen beeintr\u00e4chtigen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0351 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0351.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0351 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0351"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-023 vom 2026-02-09",
"url": "https://www.dell.com/support/kbdoc/de-de/000425429/dsa-2026-023-security-update-for-dell-networker-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-024 vom 2026-02-09",
"url": "https://www.dell.com/support/kbdoc/de-de/000425759/dsa-2026-024-security-update-for-dell-networker-multiple-third-party-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Dell NetWorker (Third Party Components): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-09T23:00:00.000+00:00",
"generator": {
"date": "2026-02-10T10:02:33.638+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0351",
"initial_release_date": "2026-02-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "AUTHC \u003c19.14",
"product": {
"name": "Dell NetWorker AUTHC \u003c19.14",
"product_id": "T050629"
}
},
{
"category": "product_version",
"name": "AUTHC 19.14",
"product": {
"name": "Dell NetWorker AUTHC 19.14",
"product_id": "T050629-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:authc__19.14"
}
}
},
{
"category": "product_version_range",
"name": "Management Console \u003c19.14",
"product": {
"name": "Dell NetWorker Management Console \u003c19.14",
"product_id": "T050630"
}
},
{
"category": "product_version",
"name": "Management Console 19.14",
"product": {
"name": "Dell NetWorker Management Console 19.14",
"product_id": "T050630-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:management_console__19.14"
}
}
},
{
"category": "product_version_range",
"name": "Management Web UI \u003c19.14",
"product": {
"name": "Dell NetWorker Management Web UI \u003c19.14",
"product_id": "T050631"
}
},
{
"category": "product_version",
"name": "Management Web UI 19.14",
"product": {
"name": "Dell NetWorker Management Web UI 19.14",
"product_id": "T050631-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:management_web_ui__19.14"
}
}
},
{
"category": "product_version_range",
"name": "REST API \u003c19.14",
"product": {
"name": "Dell NetWorker REST API \u003c19.14",
"product_id": "T050632"
}
},
{
"category": "product_version",
"name": "REST API 19.14",
"product": {
"name": "Dell NetWorker REST API 19.14",
"product_id": "T050632-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:rest_api__19.14"
}
}
},
{
"category": "product_version_range",
"name": "File-Level Recovery \u003c19.14",
"product": {
"name": "Dell NetWorker File-Level Recovery \u003c19.14",
"product_id": "T050633"
}
},
{
"category": "product_version",
"name": "File-Level Recovery 19.14",
"product": {
"name": "Dell NetWorker File-Level Recovery 19.14",
"product_id": "T050633-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:file-level_recovery__19.14"
}
}
},
{
"category": "product_version_range",
"name": "vCenter User Interface \u003c19.14",
"product": {
"name": "Dell NetWorker vCenter User Interface \u003c19.14",
"product_id": "T050634"
}
},
{
"category": "product_version",
"name": "vCenter User Interface 19.14",
"product": {
"name": "Dell NetWorker vCenter User Interface 19.14",
"product_id": "T050634-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vcenter_user_interface__19.14"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-5783",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2012-5783"
},
{
"cve": "CVE-2014-3577",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2014-3577"
},
{
"cve": "CVE-2015-5262",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2015-5262"
},
{
"cve": "CVE-2020-13956",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2023-35116",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2023-35116"
},
{
"cve": "CVE-2024-29736",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2024-29736"
},
{
"cve": "CVE-2024-32007",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2024-32007"
},
{
"cve": "CVE-2024-41172",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2024-41172"
},
{
"cve": "CVE-2025-11226",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-11226"
},
{
"cve": "CVE-2025-22228",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-22233",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-22233"
},
{
"cve": "CVE-2025-22235",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-22235"
},
{
"cve": "CVE-2025-23184",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-27820",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-27820"
},
{
"cve": "CVE-2025-31650",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-41234",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-41234"
},
{
"cve": "CVE-2025-41242",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-41242"
},
{
"cve": "CVE-2025-41248",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41254",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-41254"
},
{
"cve": "CVE-2025-46392",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-46392"
},
{
"cve": "CVE-2025-48913",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-48913"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48989",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-53864",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-7962",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8713",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-8713"
},
{
"cve": "CVE-2025-8714",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-8714"
},
{
"cve": "CVE-2025-8715",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-8715"
},
{
"cve": "CVE-2025-8885",
"product_status": {
"known_affected": [
"T050629",
"T050634",
"T050631",
"T050630",
"T050633",
"T050632"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-8885"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.