CVE-2025-7783 (GCVE-0-2025-7783)
Vulnerability from cvelistv5 – Published: 2025-07-18 16:34 – Updated: 2025-11-03 20:07
VLAI
EPSS
Title
Usage of unsafe random function in form-data for choosing boundary
Summary
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with the program file lib/form_data.js.
This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4 | third-party-advisory |
| https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0 | patch |
| https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html | |
Impacted products
Credits
https://github.com/benweissmann
https://github.com/benweissmann
https://github.com/ljharb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7783",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T14:54:27.721309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T14:54:31.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:41.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://npmjs.com/form-data",
"defaultStatus": "unaffected",
"packageName": "form-data",
"programFiles": [
"lib/form_data.js"
],
"repo": "https://github.com/form-data/form-data",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.4",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0 - 3.0.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.0.0 - 4.0.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "https://github.com/benweissmann"
},
{
"lang": "en",
"type": "remediation developer",
"value": "https://github.com/benweissmann"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "https://github.com/ljharb"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/form_data.Js\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects form-data: \u0026lt; 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\u003c/p\u003e"
}
],
"value": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3."
}
],
"impacts": [
{
"capecId": "CAPEC-460",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-460 HTTP Parameter Pollution (HPP)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T16:34:44.889Z",
"orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"shortName": "harborist"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
},
{
"tags": [
"patch"
],
"url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Usage of unsafe random function in form-data for choosing boundary",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"assignerShortName": "harborist",
"cveId": "CVE-2025-7783",
"datePublished": "2025-07-18T16:34:44.889Z",
"dateReserved": "2025-07-18T04:34:56.939Z",
"dateUpdated": "2025-11-03T20:07:41.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-7783",
"date": "2026-06-27",
"epss": "0.01735",
"percentile": "0.74811"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-7783\",\"sourceIdentifier\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"published\":\"2025-07-18T17:15:44.747\",\"lastModified\":\"2025-11-03T20:19:20.930\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\\n\\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de uso de valores insuficientemente aleatorios en form-data permite la contaminaci\u00f3n de par\u00e1metros HTTP (HPP). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa lib/form_data.Js. Este problema afecta a form-data: \u0026lt; 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInt
eraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"references\":[{\"url\":\"https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0\",\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\"},{\"url\":\"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4\",\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:07:41.307Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-7783\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-22T14:54:27.721309Z\"}}}], \"references\": [{\"url\": \"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-22T14:54:21.354Z\"}}], \"cna\": {\"title\": \"Usage of unsafe random function in form-data for choosing boundary\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"https://github.com/benweissmann\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"https://github.com/benweissmann\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"https://github.com/ljharb\"}], \"impacts\": [{\"capecId\": \"CAPEC-460\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-460 HTTP Parameter Pollution (HPP)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.4, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": 
\"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/form-data/form-data\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.5.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0 - 3.0.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.0.0 - 4.0.3\", \"versionType\": \"semver\"}], \"packageName\": \"form-data\", \"programFiles\": [\"lib/form_data.js\"], \"collectionURL\": \"https://npmjs.com/form-data\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). 
This vulnerability is associated with program files lib/form_data.Js.\\n\\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/form_data.Js\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects form-data: \u0026lt; 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330 Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"7ffcee3d-2c14-4c3e-b844-86c6a321a158\", \"shortName\": \"harborist\", \"dateUpdated\": \"2025-07-18T16:34:44.889Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-7783\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:07:41.307Z\", \"dateReserved\": \"2025-07-18T04:34:56.939Z\", \"assignerOrgId\": \"7ffcee3d-2c14-4c3e-b844-86c6a321a158\", \"datePublished\": \"2025-07-18T16:34:44.889Z\", \"assignerShortName\": \"harborist\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2025:3919-1
Vulnerability from csaf_suse - Published: 2025-11-03 10:32 - Updated: 2025-11-03 10:32
Summary
Security update for nodejs18
Severity
Important
Notes
Title of the patch: Security update for nodejs18
Description of the patch: This update for nodejs18 fixes the following issues:
- CVE-2025-7783: Switched away from Math.random() in boundary values for multipart form-encoded data (bsc#1246818)
Patchnames: SUSE-2025-3919,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3919
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVSS v3.1 base score: 6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64 | | — | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64 | | — | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch | | — | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64 | | — | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs18",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs18 fixes the following issues:\n\n - CVE-2025-7783: Switched away from Math.random() in boundary values for multipart form-encoded data (bsc#1246818)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3919,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3919",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3919-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3919-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253919-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3919-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023140.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246818",
"url": "https://bugzilla.suse.com/1246818"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-7783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-7783/"
}
],
"title": "Security update for nodejs18",
"tracking": {
"current_release_date": "2025-11-03T10:32:00Z",
"generator": {
"date": "2025-11-03T10:32:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3919-1",
"initial_release_date": "2025-11-03T10:32:00Z",
"revision_history": [
{
"date": "2025-11-03T10:32:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.aarch64",
"product": {
"name": "corepack18-18.20.8-8.41.1.aarch64",
"product_id": "corepack18-18.20.8-8.41.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.aarch64",
"product": {
"name": "nodejs18-18.20.8-8.41.1.aarch64",
"product_id": "nodejs18-18.20.8-8.41.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.aarch64",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.aarch64",
"product_id": "nodejs18-devel-18.20.8-8.41.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.aarch64",
"product": {
"name": "npm18-18.20.8-8.41.1.aarch64",
"product_id": "npm18-18.20.8-8.41.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.i586",
"product": {
"name": "corepack18-18.20.8-8.41.1.i586",
"product_id": "corepack18-18.20.8-8.41.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.i586",
"product": {
"name": "nodejs18-18.20.8-8.41.1.i586",
"product_id": "nodejs18-18.20.8-8.41.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.i586",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.i586",
"product_id": "nodejs18-devel-18.20.8-8.41.1.i586"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.i586",
"product": {
"name": "npm18-18.20.8-8.41.1.i586",
"product_id": "npm18-18.20.8-8.41.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs18-docs-18.20.8-8.41.1.noarch",
"product": {
"name": "nodejs18-docs-18.20.8-8.41.1.noarch",
"product_id": "nodejs18-docs-18.20.8-8.41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.ppc64le",
"product": {
"name": "corepack18-18.20.8-8.41.1.ppc64le",
"product_id": "corepack18-18.20.8-8.41.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.ppc64le",
"product": {
"name": "nodejs18-18.20.8-8.41.1.ppc64le",
"product_id": "nodejs18-18.20.8-8.41.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.ppc64le",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.ppc64le",
"product_id": "nodejs18-devel-18.20.8-8.41.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.ppc64le",
"product": {
"name": "npm18-18.20.8-8.41.1.ppc64le",
"product_id": "npm18-18.20.8-8.41.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.s390x",
"product": {
"name": "corepack18-18.20.8-8.41.1.s390x",
"product_id": "corepack18-18.20.8-8.41.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.s390x",
"product": {
"name": "nodejs18-18.20.8-8.41.1.s390x",
"product_id": "nodejs18-18.20.8-8.41.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.s390x",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.s390x",
"product_id": "nodejs18-devel-18.20.8-8.41.1.s390x"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.s390x",
"product": {
"name": "npm18-18.20.8-8.41.1.s390x",
"product_id": "npm18-18.20.8-8.41.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.x86_64",
"product": {
"name": "corepack18-18.20.8-8.41.1.x86_64",
"product_id": "corepack18-18.20.8-8.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.x86_64",
"product": {
"name": "nodejs18-18.20.8-8.41.1.x86_64",
"product_id": "nodejs18-18.20.8-8.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.x86_64",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.x86_64",
"product_id": "nodejs18-devel-18.20.8-8.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.x86_64",
"product": {
"name": "npm18-18.20.8-8.41.1.x86_64",
"product_id": "npm18-18.20.8-8.41.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.8-8.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64"
},
"product_reference": "nodejs18-18.20.8-8.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.8-8.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.8-8.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.8-8.41.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.8-8.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.8-8.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64"
},
"product_reference": "npm18-18.20.8-8.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-7783"
}
],
"notes": [
{
"category": "general",
"text": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-7783",
"url": "https://www.suse.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "SUSE Bug 1246810 for CVE-2025-7783",
"url": "https://bugzilla.suse.com/1246810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-03T10:32:00Z",
"details": "important"
}
],
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-1854
Vulnerability from csaf_certbund - Published: 2025-08-17 22:00 - Updated: 2025-10-12 22:00
Summary
HCL BigFix Komponente: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff: Ein Angreifer kann mehrere Schwachstellen in HCL BigFix Komponente ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuführen, um Daten zu manipulieren, um Informationen offenzulegen, und um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:- | — | |
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | — | |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:- | — | |
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | — | |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:- | — | |
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | — | |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:- | — | |
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | — | |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:- | — | |
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | — | |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:- | — | |
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | — | |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:- | — | |
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | — | |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:- | — | |
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | — | |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:- | — | |
| HCL BigFix (HCL / BigFix) | cpe:/a:hcltech:bigfix:webui | — | |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in HCL BigFix Komponente ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuf\u00fchren, um Daten zu manipulieren, um Informationen offenzulegen, und um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1854 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1854.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1854 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1854"
},
{
"category": "external",
"summary": "HCL Security Bulletin KB0123330 vom 2025-08-17",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123330"
},
{
"category": "external",
"summary": "HCL Security Advisory vom 2025-10-11",
"url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=7e13ad453becfa94cb0155f726e45a99"
}
],
"source_lang": "en-US",
"title": "HCL BigFix Komponente: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-12T22:00:00.000+00:00",
"generator": {
"date": "2025-10-13T08:50:03.918+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1854",
"initial_release_date": "2025-08-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T036098",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui"
}
}
},
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T046294",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3817",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2023-3817"
},
{
"cve": "CVE-2023-5678",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2025-52617",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52617"
},
{
"cve": "CVE-2025-52618",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52618"
},
{
"cve": "CVE-2025-52619",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52619"
},
{
"cve": "CVE-2025-52620",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52620"
},
{
"cve": "CVE-2025-52621",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52621"
},
{
"cve": "CVE-2025-7338",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-7338"
},
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-1929
Vulnerability from csaf_certbund - Published: 2025-08-28 22:00 - Updated: 2026-01-25 23:00
Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuführen, um Daten zu manipulieren, und um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM DB2 Big SQL (IBM / DB2) | cpe:/a:ibm:db2:big_sql | Big SQL | |
| IBM App Connect Enterprise <12.0.12.17 (IBM / App Connect Enterprise) | | <12.0.12.17 | |
| IBM App Connect Enterprise <13.0.4.2 (IBM / App Connect Enterprise) | | <13.0.4.2 | |
| IBM App Connect Enterprise (IBM / App Connect Enterprise) | cpe:/a:ibm:app_connect_enterprise:- | — | |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM DB2 Big SQL (IBM / DB2) | cpe:/a:ibm:db2:big_sql | Big SQL | |
| IBM App Connect Enterprise <12.0.12.17 (IBM / App Connect Enterprise) | | <12.0.12.17 | |
| IBM App Connect Enterprise <13.0.4.2 (IBM / App Connect Enterprise) | | <13.0.4.2 | |
| IBM App Connect Enterprise (IBM / App Connect Enterprise) | cpe:/a:ibm:app_connect_enterprise:- | — | |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM DB2 Big SQL (IBM / DB2) | cpe:/a:ibm:db2:big_sql | Big SQL | |
| IBM App Connect Enterprise <12.0.12.17 (IBM / App Connect Enterprise) | | <12.0.12.17 | |
| IBM App Connect Enterprise <13.0.4.2 (IBM / App Connect Enterprise) | | <13.0.4.2 | |
| IBM App Connect Enterprise (IBM / App Connect Enterprise) | cpe:/a:ibm:app_connect_enterprise:- | — | |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, um Daten zu manipulieren, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1929 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1929.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1929 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1929"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7243409 vom 2025-08-28",
"url": "https://www.ibm.com/support/pages/node/7243409"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7243688 vom 2025-09-01",
"url": "https://www.ibm.com/support/pages/node/7243688"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7243690 vom 2025-09-01",
"url": "https://www.ibm.com/support/pages/node/7243690"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7245979 vom 2025-09-24",
"url": "https://www.ibm.com/support/pages/node/7245979"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7257916 vom 2026-01-23",
"url": "https://www.ibm.com/support/pages/node/7257916"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-25T23:00:00.000+00:00",
"generator": {
"date": "2026-01-26T09:37:01.702+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1929",
"initial_release_date": "2025-08-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.17",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.17",
"product_id": "T046460"
}
},
{
"category": "product_version",
"name": "12.0.12.17",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.17",
"product_id": "T046460-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:v12__fix_pack_release_12.0.12.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.4.2",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.4.2",
"product_id": "T046621"
}
},
{
"category": "product_version",
"name": "13.0.4.2",
"product": {
"name": "IBM App Connect Enterprise 13.0.4.2",
"product_id": "T046621-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.4.2"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "Big SQL",
"product": {
"name": "IBM DB2 Big SQL",
"product_id": "T022379",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:big_sql"
}
}
}
],
"category": "product_name",
"name": "DB2"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7338",
"product_status": {
"known_affected": [
"T022379",
"T046460",
"T046621",
"T032495"
]
},
"release_date": "2025-08-28T22:00:00.000+00:00",
"title": "CVE-2025-7338"
},
{
"cve": "CVE-2025-7339",
"product_status": {
"known_affected": [
"T022379",
"T046460",
"T046621",
"T032495"
]
},
"release_date": "2025-08-28T22:00:00.000+00:00",
"title": "CVE-2025-7339"
},
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T022379",
"T046460",
"T046621",
"T032495"
]
},
"release_date": "2025-08-28T22:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-2150
Vulnerability from csaf_certbund - Published: 2025-09-29 22:00 - Updated: 2026-02-16 23:00
Summary
Red Hat Enterprise Linux: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux RHACS 4.9.0 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:rhacs_4.9.0 | RHACS 4.9.0 | |
| IBM Business Automation Workflow (IBM) | cpe:/a:ibm:business_automation_workflow:- | — | |
| Red Hat Enterprise Linux Developer Hub <1.8.0 (Red Hat / Enterprise Linux) | | Developer Hub <1.8.0 | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
| IBM QRadar SIEM (IBM) | cpe:/a:ibm:qradar_siem:- | — | |
| Red Hat Enterprise Linux RHACS 4.7.7 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:rhacs_4.7.7 | RHACS 4.7.7 | |
| Red Hat Enterprise Linux RHACS 4.8.5 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:rhacs_4.8.5 | RHACS 4.8.5 | |
References
16 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2150 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2150.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2150 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2150"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-09-29",
"url": "https://access.redhat.com/errata/RHSA-2025:16911"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-09-29",
"url": "https://access.redhat.com/errata/RHSA-2025:16916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-09-29",
"url": "https://access.redhat.com/errata/RHSA-2025:16918"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18278 vom 2025-10-18",
"url": "https://access.redhat.com/errata/RHSA-2025:18278"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18744 vom 2025-10-21",
"url": "https://access.redhat.com/errata/RHSA-2025:18744"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249661 vom 2025-10-30",
"url": "https://www.ibm.com/support/pages/node/7249661"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19335 vom 2025-10-30",
"url": "https://access.redhat.com/errata/RHSA-2025:19335"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19332 vom 2025-11-03",
"url": "https://access.redhat.com/errata/RHSA-2025:19332"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:20047 vom 2025-11-10",
"url": "https://access.redhat.com/errata/RHSA-2025:20047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21146 vom 2025-11-12",
"url": "https://access.redhat.com/errata/RHSA-2025:21146"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21704 vom 2025-11-18",
"url": "https://access.redhat.com/errata/RHSA-2025:21704"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7251934 vom 2025-11-19",
"url": "https://www.ibm.com/support/pages/node/7251934"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7976-1 vom 2026-01-27",
"url": "https://ubuntu.com/security/notices/USN-7976-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2737 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2026-02-16T23:00:00.000+00:00",
"generator": {
"date": "2026-02-17T09:10:34.099+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2150",
"initial_release_date": "2025-09-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-20T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2025-11-03T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-26T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T043411",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "RHACS 4.9.0",
"product": {
"name": "Red Hat Enterprise Linux RHACS 4.9.0",
"product_id": "T047229",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:rhacs_4.9.0"
}
}
},
{
"category": "product_version",
"name": "RHACS 4.7.7",
"product": {
"name": "Red Hat Enterprise Linux RHACS 4.7.7",
"product_id": "T047230",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:rhacs_4.7.7"
}
}
},
{
"category": "product_version",
"name": "RHACS 4.8.5",
"product": {
"name": "Red Hat Enterprise Linux RHACS 4.8.5",
"product_id": "T047231",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:rhacs_4.8.5"
}
}
},
{
"category": "product_version_range",
"name": "Developer Hub \u003c1.8.0",
"product": {
"name": "Red Hat Enterprise Linux Developer Hub \u003c1.8.0",
"product_id": "T048395"
}
},
{
"category": "product_version",
"name": "Developer Hub 1.8.0",
"product": {
"name": "Red Hat Enterprise Linux Developer Hub 1.8.0",
"product_id": "T048395-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:developer_hub__1.8.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T047229",
"T043411",
"T048395",
"67646",
"T000126",
"T021415",
"T047230",
"T047231"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-2165
Vulnerability from csaf_certbund - Published: 2025-09-30 22:00 - Updated: 2025-10-05 22:00
Summary
Qlik Sense: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Qlik Sense ist eine Datenanalyse- und Business-Intelligence-Plattform, mit der Benutzer interaktive Dashboards, Visualisierungen und Berichte erstellen können, um Erkenntnisse zu gewinnen und datengestützte Entscheidungen zu treffen.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Qlik Sense ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Update:
Neuen Informationen von Qlik zufolge kann die Schwachstelle in Qlik Sense nicht ausgenutzt werden.
Betroffene Betriebssysteme: - Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Qlik Sense Enterprise <May 2025 Patch 6 (Qlik / Sense) | | Enterprise <May 2025 Patch 6 | |
| Qlik Sense Enterprise <November 2024 Patch 18 (Qlik / Sense) | | Enterprise <November 2024 Patch 18 | |
| Qlik Sense Enterprise <May 2024 Patch 24 (Qlik / Sense) | | Enterprise <May 2024 Patch 24 | |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Qlik Sense ist eine Datenanalyse- und Business-Intelligence-Plattform, mit der Benutzer interaktive Dashboards, Visualisierungen und Berichte erstellen k\u00f6nnen, um Erkenntnisse zu gewinnen und datengest\u00fctzte Entscheidungen zu treffen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Qlik Sense ausnutzen, um Sicherheitsvorkehrungen zu umgehen.\r\nUpdate:\r\nNeuen Informationen von Qlik zufolge kann die Schwachstelle in Qlik Sense nicht ausgenutzt werden",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2165 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2165.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2165 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2165"
},
{
"category": "external",
"summary": "Critical Security Fix vom 2025-09-30",
"url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2532151"
},
{
"category": "external",
"summary": "Qlik Security PAtches vom 2025-09-30",
"url": "https://community.qlik.com/t5/Support-Updates/Qlik-Sense-Enterprise-for-Windows-New-Security-Patches-Available/ba-p/2532152"
}
],
"source_lang": "en-US",
"title": "Qlik Sense: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-10-05T22:00:00.000+00:00",
"generator": {
"date": "2025-10-06T09:20:07.713+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2165",
"initial_release_date": "2025-09-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Informationen von Qlik aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Enterprise \u003cMay 2025 Patch 6",
"product": {
"name": "Qlik Sense Enterprise \u003cMay 2025 Patch 6",
"product_id": "T047299"
}
},
{
"category": "product_version",
"name": "Enterprise May 2025 Patch 6",
"product": {
"name": "Qlik Sense Enterprise May 2025 Patch 6",
"product_id": "T047299-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:qlik:qlik_sense:enterprise__may_2025_patch_6"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003cNovember 2024 Patch 18",
"product": {
"name": "Qlik Sense Enterprise \u003cNovember 2024 Patch 18",
"product_id": "T047300"
}
},
{
"category": "product_version",
"name": "Enterprise November 2024 Patch 18",
"product": {
"name": "Qlik Sense Enterprise November 2024 Patch 18",
"product_id": "T047300-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:qlik:qlik_sense:enterprise__november_2024_patch_18"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003cMay 2024 Patch 24",
"product": {
"name": "Qlik Sense Enterprise \u003cMay 2024 Patch 24",
"product_id": "T047301"
}
},
{
"category": "product_version",
"name": "Enterprise May 2024 Patch 24",
"product": {
"name": "Qlik Sense Enterprise May 2024 Patch 24",
"product_id": "T047301-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:qlik:qlik_sense:enterprise__may_2024_patch_24"
}
}
}
],
"category": "product_name",
"name": "Sense"
}
],
"category": "vendor",
"name": "Qlik"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T047299",
"T047300",
"T047301"
]
},
"release_date": "2025-09-30T22:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-2424
Vulnerability from csaf_certbund - Published: 2025-10-27 23:00 - Updated: 2025-10-28 23:00
Summary
IBM Rational Team Concert: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Rational Team Concert ist ein Kollaborationstool zur Software Entwicklung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Rational Team Concert ausnutzen, um einen Denial-of-Service-Angriff durchzuführen, Eingaben oder Protokolle zu manipulieren, die Authentifizierung zu umgehen, beliebigen Code auszuführen, Cross-Site-Scripting durchzuführen, sensible Informationen offenzulegen oder offene Weiterleitungen auszulösen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Team Concert <2.1.0 (IBM / Rational Team Concert) | | <2.1.0 | |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Rational Team Concert ist ein Kollaborationstool zur Software Entwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Rational Team Concert ausnutzen, um einen Denial-of-Service-Angriff durchzuf\u00fchren, Eingaben oder Protokolle zu manipulieren, die Authentifizierung zu umgehen, beliebigen Code auszuf\u00fchren, Cross-Site-Scripting durchzuf\u00fchren, sensible Informationen offenzulegen oder offene Weiterleitungen auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2424 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2424.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2424 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2424"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-10-27",
"url": "https://www.ibm.com/support/pages/node/7249356"
}
],
"source_lang": "en-US",
"title": "IBM Rational Team Concert: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-28T23:00:00.000+00:00",
"generator": {
"date": "2025-10-29T07:03:32.478+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2424",
"initial_release_date": "2025-10-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-28T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-36531, EUVD-2025-36533, EUVD-2025-36532"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.1.0",
"product": {
"name": "IBM Rational Team Concert \u003c2.1.0",
"product_id": "T048164"
}
},
{
"category": "product_version",
"name": "2.1.0",
"product": {
"name": "IBM Rational Team Concert 2.1.0",
"product_id": "T048164-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_team_concert:2.1.0"
}
}
}
],
"category": "product_name",
"name": "Rational Team Concert"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23337",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2024-23337"
},
{
"cve": "CVE-2024-33531",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2024-33531"
},
{
"cve": "CVE-2025-22874",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-22874"
},
{
"cve": "CVE-2025-32379",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-32379"
},
{
"cve": "CVE-2025-36081",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-36081"
},
{
"cve": "CVE-2025-36083",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-36083"
},
{
"cve": "CVE-2025-36085",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-36085"
},
{
"cve": "CVE-2025-45768",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-45768"
},
{
"cve": "CVE-2025-48060",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-48060"
},
{
"cve": "CVE-2025-50181",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-50181"
},
{
"cve": "CVE-2025-50182",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-50182"
},
{
"cve": "CVE-2025-53547",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-7338",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-7338"
},
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-7783"
},
{
"cve": "CVE-2025-9288",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-9288"
}
]
}
WID-SEC-W-2026-0204
Vulnerability from csaf_certbund - Published: 2026-01-22 23:00 - Updated: 2026-01-22 23:00
Summary
IBM DB2 Big SQL: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM DB2 Big SQL ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 Big SQL <8.2.1
IBM / DB2
|
Big SQL <8.2.1 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM DB2 Big SQ ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0204 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0204.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0204 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0204"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-01-22",
"url": "https://www.ibm.com/support/pages/node/7257889"
}
],
"source_lang": "en-US",
"title": "IBM DB2 Big SQL: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2026-01-22T23:00:00.000+00:00",
"generator": {
"date": "2026-01-23T12:46:13.464+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0204",
"initial_release_date": "2026-01-22T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Big SQL \u003c8.2.1",
"product": {
"name": "IBM DB2 Big SQL \u003c8.2.1",
"product_id": "T050281"
}
},
{
"category": "product_version",
"name": "Big SQL 8.2.1",
"product": {
"name": "IBM DB2 Big SQL 8.2.1",
"product_id": "T050281-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:big_sql__8.2.1"
}
}
}
],
"category": "product_name",
"name": "DB2"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T050281"
]
},
"release_date": "2026-01-22T23:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2026-0559
Vulnerability from csaf_certbund - Published: 2026-03-01 23:00 - Updated: 2026-03-01 23:00
Summary
IBM Rational Build Forge: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Rational Build Forge ist ein Framework zur Automatisierung und Standardisierung des Softwareerstellungsprozesses
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Rational Build Forge ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, und um Dateien zu manipulieren.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Rational Build Forge ist ein Framework zur Automatisierung und Standardisierung des Softwareerstellungsprozesses",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Rational Build Forge ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, und um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0559 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0559.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0559 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0559"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262249 vom 2026-03-01",
"url": "https://www.ibm.com/support/pages/node/7262249"
}
],
"source_lang": "en-US",
"title": "IBM Rational Build Forge: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-01T23:00:00.000+00:00",
"generator": {
"date": "2026-03-02T11:27:19.791+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0559",
"initial_release_date": "2026-03-01T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-01T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.0.29",
"product": {
"name": "IBM Rational Build Forge \u003c8.0.0.29",
"product_id": "T051329"
}
},
{
"category": "product_version",
"name": "8.0.0.29",
"product": {
"name": "IBM Rational Build Forge 8.0.0.29",
"product_id": "T051329-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.29"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25031",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2018-25031"
},
{
"cve": "CVE-2019-17495",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2019-17495"
},
{
"cve": "CVE-2021-22060",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2021-22060"
},
{
"cve": "CVE-2021-22096",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2021-22096"
},
{
"cve": "CVE-2022-22968",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2022-22968"
},
{
"cve": "CVE-2022-22970",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2022-22970"
},
{
"cve": "CVE-2024-38820",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38828",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2024-38828"
},
{
"cve": "CVE-2025-41248",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-53057",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-53057"
},
{
"cve": "CVE-2025-53066",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-53066"
},
{
"cve": "CVE-2025-58754",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-58754"
},
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.