CVE-2023-33850 (GCVE-0-2023-33850)
Vulnerability from cvelistv5
- CWE-203 - Observable Discrepancy
Vendor | Product | Version
---|---|---
IBM | TXSeries for Multiplatforms | 8.1, 8.2, 9.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:54:12.732Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7010369" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7022413" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7022414" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "txseries_for_multiplatform", "vendor": "ibm", "versions": [ { "status": "affected", "version": "8.1" }, { "status": "affected", "version": "8.2" }, { "status": "affected", "version": "9.1" } ] }, { "cpes": [ "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*" ], "defaultStatus": "unaffected", "product": "cics_tx", "vendor": "ibm", "versions": [ { "status": "affected", "version": "11.1" }, { "status": "affected", "version": "10.1" } ] }, { "cpes": [ "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*" ], "defaultStatus": "unaffected", "product": "cics_tx", "vendor": "ibm", "versions": [ { "status": "affected", "version": "11.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-33850", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T19:06:38.589742Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T19:11:06.469Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "TXSeries for Multiplatforms", 
"vendor": "IBM", "versions": [ { "status": "affected", "version": "8.1, 8.2, 9.1" } ] }, { "defaultStatus": "unaffected", "product": "CICS TX Standard", "vendor": "IBM", "versions": [ { "status": "affected", "version": "11.1" } ] }, { "defaultStatus": "unaffected", "product": "CICS TX Advanced", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.1, 11.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.\u003c/span\u003e" } ], "value": "IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T13:50:22.398Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7010369" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7022413" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7022414" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM GSKit-Crypto information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-33850", "datePublished": "2023-08-22T20:31:25.923Z", "dateReserved": "2023-05-23T00:31:59.438Z", "dateUpdated": "2024-10-03T19:11:06.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-33850\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2023-08-22T21:15:07.837\",\"lastModified\":\"2024-11-21T08:06:04.500\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. 
By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D5EA02F-AA81-4101-9CE2-46ED4DE76B25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"569BF866-989C-4BF4-B80E-962F8979FD8B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492C463-D76E-49B7-A4D4-3B499
E422D89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB032B5B-3B05-4809-8BF2-E08255E19475\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F480AA32-841A-4E68-9343-B2E7548B0A0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492C463-D76E-49B7-A4D4-3B499E422D89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"66EEC046-128D-4555-8C9A-3C02300145B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"73BBDE39-E8CF-416C-838D-046ADDA011F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"A9D7FDA3-EE60-453B-8651-686B9D28071F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\"
:\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7010369\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7022413\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7022414\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/257132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ibm.com/support/pages/node/7010369\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7022413\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7022414\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7010369\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7022413\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7022414\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/257132\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:54:12.732Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-33850\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": 
\"2.0.3\", \"timestamp\": \"2024-10-03T19:06:38.589742Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*\"], \"vendor\": \"ibm\", \"product\": \"txseries_for_multiplatform\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.1\"}, {\"status\": \"affected\", \"version\": \"8.2\"}, {\"status\": \"affected\", \"version\": \"9.1\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*\"], \"vendor\": \"ibm\", \"product\": \"cics_tx\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1\"}, {\"status\": \"affected\", \"version\": \"10.1\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*\"], \"vendor\": \"ibm\", \"product\": \"cics_tx\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T19:10:45.702Z\"}}], \"cna\": {\"title\": \"IBM GSKit-Crypto information disclosure\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"IBM\", \"product\": \"TXSeries for Multiplatforms\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.1, 8.2, 9.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"IBM\", \"product\": \"CICS TX Standard\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1\"}], 
\"defaultStatus\": \"unaffected\"}, {\"vendor\": \"IBM\", \"product\": \"CICS TX Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.1, 11.1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7010369\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7022413\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7022414\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(204, 217, 226);\\\"\u003eIBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. 
By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"CWE-203 Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-09-27T13:50:22.398Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2023-33850\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-03T19:11:06.469Z\", \"dateReserved\": \"2023-05-23T00:31:59.438Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2023-08-22T20:31:25.923Z\", \"assignerShortName\": \"ibm\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
CERTFR-2024-AVI-0279
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | N/A | Storage Scale System 3000, 3200, 3500, 5000 et 6000 versions 6.1.2.x antérieures à 6.1.2.9 | ||
IBM | Sterling | Sterling Connect Direct pour UNIX versions 6.1.x antérieures à 6.1.0.4.iFix106 | ||
IBM | WebSphere | WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4 | ||
IBM | Sterling | Sterling Connect Direct pour UNIX versions 6.3.x antérieures à 6.3.0.2.iFix021 | ||
IBM | Sterling | Sterling Connect Direct pour UNIX versions 6.0.x antérieures à 6.0.0.2.iFix164 | ||
IBM | Tivoli | Tivoli Netcool Impact versions 7.1.0.x antérieures à 7.1.0.33 | ||
IBM | N/A | Storage Scale System 3000, 3200, 3500, 5000 et 6000 versions 6.1.9.x antérieures à 6.1.9.2 | ||
IBM | WebSphere | WebSphere Application Server versions 9.x antérieures à 9.0.5.19 | ||
IBM | WebSphere | WebSphere Application Server versions postérieures à 8.5.5.2 et antérieures à 8.5.5.26 | ||
IBM | Sterling | Sterling Connect Direct pour UNIX versions 6.2.x antérieures à 6.2.0.7.iFix015 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Storage Scale System 3000, 3200, 3500, 5000 et 6000 versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.9", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect Direct pour UNIX versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.4.iFix106", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect Direct pour UNIX versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.2.iFix021", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect Direct pour UNIX versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix164", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Tivoli Netcool Impact versions 7.1.0.x ant\u00e9rieures \u00e0 7.1.0.33", "product": { "name": "Tivoli", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Storage Scale System 3000, 3200, 3500, 5000 et 6000 versions 6.1.9.x ant\u00e9rieures \u00e0 6.1.9.2", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect Direct pour UNIX versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.7.iFix015", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": 
false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "name": "CVE-2023-52428", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2023-46158", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46158" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" } ], "initial_release_date": "2024-04-05T00:00:00", "last_revision_date": "2024-04-05T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0279", "revisions": [ { "description": "Version initiale", "revision_date": "2024-04-05T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. 
Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7145606 du 01 avril 2024", "url": "https://www.ibm.com/support/pages/node/7145606" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7145538 du 29 mars 2024", "url": "https://www.ibm.com/support/pages/node/7145538" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7145743 du 02 avril 2024", "url": "https://www.ibm.com/support/pages/node/7145743" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7145942 du 04 avril 2024", "url": "https://www.ibm.com/support/pages/node/7145942" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7145926 du 04 avril 2024", "url": "https://www.ibm.com/support/pages/node/7145926" } ] }
CERTFR-2024-AVI-0939
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 | ||
IBM | QRadar | QRadar App SDK versions antérieures à 2.2.2 | ||
IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 | ||
IBM | Cloud Pak | Cloud Pak versions antérieures à 2.3.5.0 pour Power | ||
IBM | Cloud Pak | Cloud Pak versions antérieures à 2.3.4.1 pour Intel | ||
IBM | Sterling | Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.2 | ||
IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar App SDK versions ant\u00e9rieures \u00e0 2.2.2", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cloud Pak versions ant\u00e9rieures \u00e0 2.3.5.0 pour Power", "product": { "name": "Cloud Pak", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cloud Pak versions ant\u00e9rieures \u00e0 2.3.4.1 pour Intel", "product": { "name": "Cloud Pak", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 ", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. 
section Documentation).", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2015-2327", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327" }, { "name": "CVE-2023-43642", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642" }, { "name": "CVE-2024-37891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891" }, { "name": "CVE-2015-8383", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383" }, { "name": "CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "name": "CVE-2023-47747", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47747" }, { "name": "CVE-2023-47158", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47158" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2023-46167", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46167" }, { "name": "CVE-2023-38740", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38740" }, { "name": "CVE-2023-45853", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853" }, { "name": "CVE-2023-38719", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38719" }, { "name": "CVE-2023-45178", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45178" }, { "name": "CVE-2023-47701", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47701" }, { "name": "CVE-2023-50308", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50308" }, { "name": "CVE-2023-40687", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40687" }, { "name": "CVE-2023-52296", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52296" }, { "name": "CVE-2015-8381", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381" }, { "name": "CVE-2024-25046", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25046" }, { "name": "CVE-2024-31881", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31881" }, { "name": "CVE-2015-8392", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392" }, { "name": "CVE-2024-20921", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2015-8395", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395" }, { "name": "CVE-2023-34462", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462" }, { "name": "CVE-2015-8393", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8393" }, { "name": "CVE-2024-31880", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31880" }, { "name": "CVE-2024-29025", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025" }, { "name": "CVE-2024-28762", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28762" }, { "name": "CVE-2024-34062", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34062" }, { "name": "CVE-2024-26308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308" }, { "name": "CVE-2023-47746", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47746" }, { "name": "CVE-2024-27254", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27254" }, { "name": "CVE-2022-3510", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510" }, { "name": "CVE-2022-3509", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509" }, { "name": "CVE-2023-47141", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47141" }, { "name": "CVE-2024-29131", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131" }, { "name": "CVE-2015-8388", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388" }, { "name": "CVE-2018-25032", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032" }, { "name": "CVE-2023-40692", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40692" }, { "name": "CVE-2023-38003", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38003" }, { "name": "CVE-2024-25710", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710" }, { "name": "CVE-2022-37434", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434" }, { "name": "CVE-2024-29133", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133" }, { "name": "CVE-2024-35195", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195" }, { "name": 
"CVE-2024-22360", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22360" }, { "name": "CVE-2024-5569", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569" }, { "name": "CVE-2023-38729", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38729" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2015-8385", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385" }, { "name": "CVE-2015-8394", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394" }, { "name": "CVE-2015-8391", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391" }, { "name": "CVE-2015-8386", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386" }, { "name": "CVE-2015-8387", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387" }, { "name": "CVE-2023-38727", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38727" }, { "name": "CVE-2023-29258", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29258" }, { "name": "CVE-2023-29267", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29267" }, { "name": "CVE-2002-0059", "url": "https://www.cve.org/CVERecord?id=CVE-2002-0059" }, { "name": "CVE-2023-43020", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43020" }, { "name": "CVE-2023-27859", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27859" }, { "name": "CVE-2023-32731", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731" }, { "name": "CVE-2015-2328", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2024-3651", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651" }, { "name": "CVE-2020-14155", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155" }, { "name": "CVE-2023-40374", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40374" }, { "name": "CVE-2015-8390", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { 
"name": "CVE-2022-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171" }, { "name": "CVE-2024-39689", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689" }, { "name": "CVE-2023-40372", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40372" }, { "name": "CVE-2023-47152", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47152" }, { "name": "CVE-2012-2677", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2677" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" } ], "initial_release_date": "2024-10-31T00:00:00", "last_revision_date": "2024-10-31T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0939", "revisions": [ { "description": "Version initiale", "revision_date": "2024-10-31T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2024-10-30", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174441", "url": "https://www.ibm.com/support/pages/node/7174441" }, { "published_at": "2024-10-30", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174420", "url": "https://www.ibm.com/support/pages/node/7174420" }, { "published_at": "2024-10-28", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7169788", "url": "https://www.ibm.com/support/pages/node/7169788" }, { "published_at": "2024-10-30", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7174440", "url": "https://www.ibm.com/support/pages/node/7174440" } ] }
CERTFR-2024-AVI-0305
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix104
- Sterling Connect:Direct pour UNIX versions 6.0.0.x antérieures à 6.0.0.2.iFix163
- Sterling Connect:Direct FTP+ versions antérieures à 1.3.0 sans le correctif de sécurité iFix026
- QRadar App SDK versions 2.2.x antérieures à 2.2.1
- QRadar Deployment Intelligence App versions antérieures à 3.0.13
- Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.20.0
- QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF01
- QRadar Suite Software versions 1.10.12.x antérieures à 1.10.20.0
- WebSphere Application Server Liberty versions postérieures à 21.0.0.2 et antérieures à 24.0.0.4
- WebSphere Application Server versions 9.x antérieures à 9.0.5.19
- WebSphere Application Server versions postérieures à 8.5.5.2 antérieures à 8.5.5.26
- Sterling B2B Integrator versions 6.0.x.x à 6.1.x.x antérieures à 6.1.2.5
- Sterling B2B Integrator versions 6.2.x.x antérieures à 6.2.0.1
Se référer aux bulletins de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [], "affected_systems_content": "\u003cul\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0\u00a06.1.0.4.iFix104\u003c/li\u003e \u003cli\u003eSterling Connect:Direct pour UNIX versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix163\u003c/li\u003e \u003cli\u003eSterling Connect:Direct FTP+ versions ant\u00e9rieures \u00e0 1.3.0 sans le correctif de s\u00e9curit\u00e9 iFix026\u003c/li\u003e \u003cli\u003eQRadar App SDK versions 2.2.x ant\u00e9rieures \u00e0 2.2.1\u003c/li\u003e \u003cli\u003eQRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.13\u003c/li\u003e \u003cli\u003eCloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eQRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF01\u003c/li\u003e \u003cli\u003eQRadar Suite Software versions 1.10.12.x ant\u00e9rieures \u00e0 1.10.20.0\u003c/li\u003e \u003cli\u003eWebSphere Application Server Liberty versions post\u00e9rieures \u00e0 21.0.0.2 et ant\u00e9rieures \u00e0 24.0.0.4\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.19\u003c/li\u003e \u003cli\u003eWebSphere Application Server versions post\u00e9rieures \u00e0 8.5.5.2 ant\u00e9rieures \u00e0 8.5.5.26\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.0.x.x \u00e0 6.1.x.x ant\u00e9rieures \u00e0 6.1.2.5\u003c/li\u003e \u003cli\u003eSterling B2B Integrator versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ", "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2022-48564", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48564" }, { "name": "CVE-2024-1597", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597" }, { "name": "CVE-2023-43642", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642" }, { "name": "CVE-2023-46218", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218" }, { "name": "CVE-2023-45857", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857" }, { "name": "CVE-2023-51385", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51385" }, { "name": "CVE-2023-46234", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234" }, { "name": "CVE-2023-38546", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546" }, { "name": "CVE-2023-37920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "name": "CVE-2023-52426", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52426" }, { "name": "CVE-2022-45061", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061" }, { "name": "CVE-2023-4091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4091" }, { "name": "CVE-2023-50782", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782" }, { "name": "CVE-2023-0286", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286" }, { "name": "CVE-2024-22361", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22361" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2021-35939", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35939" }, { "name": "CVE-2023-28322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322" }, { "name": "CVE-2023-42669", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42669" }, { "name": "CVE-2023-2828", 
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2023-20569", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20569" }, { "name": "CVE-2012-0881", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0881" }, { "name": "CVE-2019-13224", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13224" }, { "name": "CVE-2023-34968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34968" }, { "name": "CVE-2024-26308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308" }, { "name": "CVE-2019-19204", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19204" }, { "name": "CVE-2023-27043", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043" }, { "name": "CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "name": "CVE-2021-22696", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22696" }, { "name": "CVE-2023-42795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42795" }, { "name": "CVE-2023-28487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28487" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2023-6135", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6135" }, { "name": "CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "name": "CVE-2024-22195", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195" }, { "name": "CVE-2020-28241", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28241" }, { "name": "CVE-2023-45648", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45648" }, { "name": "CVE-2023-45803", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803" }, { "name": "CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "name": "CVE-2023-34967", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34967" }, { "name": "CVE-2021-35937", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35937" }, { 
"name": "CVE-2024-25710", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710" }, { "name": "CVE-2023-3341", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3341" }, { "name": "CVE-2021-41043", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41043" }, { "name": "CVE-2019-16163", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16163" }, { "name": "CVE-2023-1786", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1786" }, { "name": "CVE-2024-0553", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0553" }, { "name": "CVE-2021-30468", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30468" }, { "name": "CVE-2024-26130", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26130" }, { "name": "CVE-2019-19203", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19203" }, { "name": "CVE-2023-43804", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2022-48560", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560" }, { "name": "CVE-2017-7500", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7500" }, { "name": "CVE-2023-42794", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42794" }, { "name": "CVE-2022-34169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169" }, { "name": "CVE-2022-3094", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3094" }, { "name": "CVE-2022-41721", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41721" }, { "name": "CVE-2022-42920", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920" }, { "name": "CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "name": "CVE-2023-42465", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42465" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2021-33194", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194" }, { "name": "CVE-2024-20932", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-20932" }, { "name": "CVE-2023-49083", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083" }, { "name": "CVE-2011-4969", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4969" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2021-35938", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35938" }, { "name": "CVE-2022-46329", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46329" }, { "name": "CVE-2023-34966", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34966" }, { "name": "CVE-2023-26604", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26604" }, { "name": "CVE-2022-41723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" }, { "name": "CVE-2023-46589", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46589" }, { "name": "CVE-2023-32681", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2023-39615", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39615" }, { "name": "CVE-2017-7501", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7501" }, { "name": "CVE-2023-28486", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28486" }, { "name": "CVE-2015-9251", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9251" }, { "name": "CVE-2023-5388", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5388" }, { "name": "CVE-2012-6708", "url": "https://www.cve.org/CVERecord?id=CVE-2012-6708" }, { "name": "CVE-2022-2127", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2127" }, { "name": "CVE-2020-7656", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7656" }, { "name": "CVE-2019-19012", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19012" }, { "name": "CVE-2023-26159", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159" }, { "name": "CVE-2023-6597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597" }, { "name": 
"CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" }, { "name": "CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "name": "CVE-2024-22234", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22234" } ], "initial_release_date": "2024-04-12T00:00:00", "last_revision_date": "2024-04-12T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0305", "revisions": [ { "description": "Version initiale", "revision_date": "2024-04-12T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. 
Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7147813 du 09 avril 2024", "url": "https://www.ibm.com/support/pages/node/7147813" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7148062 du 11 avril 2024", "url": "https://www.ibm.com/support/pages/node/7148062" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7147943 du 10 avril 2024", "url": "https://www.ibm.com/support/pages/node/7147943" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7147903 du 10 avril 2024", "url": "https://www.ibm.com/support/pages/node/7147903" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7148094 du 11 avril 2024", "url": "https://www.ibm.com/support/pages/node/7148094" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7148151 du 11 avril 2024", "url": "https://www.ibm.com/support/pages/node/7148151" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7148066 du 11 avril 2024", "url": "https://www.ibm.com/support/pages/node/7148066" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7148158 du 11 avril 2024", "url": "https://www.ibm.com/support/pages/node/7148158" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7147727 du 08 avril 2024", "url": "https://www.ibm.com/support/pages/node/7147727" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7148065 du 11 avril 2024", "url": "https://www.ibm.com/support/pages/node/7148065" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7148068 du 11 avril 2024", "url": 
"https://www.ibm.com/support/pages/node/7148068" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7147728 du 08 avril 2024", "url": "https://www.ibm.com/support/pages/node/7147728" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7147944 du 10 avril 2024", "url": "https://www.ibm.com/support/pages/node/7147944" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7147726 du 08 avril 2024", "url": "https://www.ibm.com/support/pages/node/7147726" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7147923 du 10 avril 2024", "url": "https://www.ibm.com/support/pages/node/7147923" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7147812 du 09 avril 2024", "url": "https://www.ibm.com/support/pages/node/7147812" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7148063 du 11 avril 2024", "url": "https://www.ibm.com/support/pages/node/7148063" } ] }
CERTFR-2024-AVI-0547
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Tivoli | Tivoli Netcool Impact versions 7.1.0.x antérieures à 7.1.0.34 | ||
IBM | Cognos Transformer | Cognos Transformer version 11.2.4 sans le correctif FP4 | ||
IBM | Tivoli | Tivoli Application Dependency Discovery Manager versions 7.3.0.0 à 7.3.0.11 sans le correctif de sécurité efix_WLP_PSIRT_24006_FP11230825.zip | ||
IBM | Cognos Transformer | Cognos Transformer versions 12.0.x antérieures à 12.0.3 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Tivoli Netcool Impact versions 7.1.0.x ant\u00e9rieures \u00e0 7.1.0.34", "product": { "name": "Tivoli", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Transformer version 11.2.4 sans le correctif FP4", "product": { "name": "Cognos Transformer", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Tivoli Application Dependency Discovery Manager versions 7.3.0.0 \u00e0 7.3.0.11 sans le correctif de s\u00e9curit\u00e9 efix_WLP_PSIRT_24006_FP11230825.zip", "product": { "name": "Tivoli", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Transformer versions 12.0.x ant\u00e9rieures \u00e0 12.0.3", "product": { "name": "Cognos Transformer", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. 
section Documentation).", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2024-25026", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "name": "CVE-2024-27268", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2024-22354", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" } ], "initial_release_date": "2024-07-05T00:00:00", "last_revision_date": "2024-07-05T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0547", "revisions": [ { "description": "Version initiale", "revision_date": "2024-07-05T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples 
vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2024-07-01", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159323", "url": "https://www.ibm.com/support/pages/node/7159323" }, { "published_at": "2024-07-02", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159530", "url": "https://www.ibm.com/support/pages/node/7159530" }, { "published_at": "2024-07-01", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159308", "url": "https://www.ibm.com/support/pages/node/7159308" }, { "published_at": "2024-09-26", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159172", "url": "https://www.ibm.com/support/pages/node/7159172" } ] }
CERTFR-2024-AVI-0470
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | N/A | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF03 | ||
IBM | N/A | AIX versions 7.2 et 7.3 sans la dernière version du fichier bind.rte | ||
IBM | N/A | MaaS360 Mobile Enterprise Gateway (MEG) versions antérieures à 3.000.800 | ||
IBM | N/A | IBM Sterling Transformation Extender versions 11.x antérieures à 11.0.0.0 sans le correctif de sécurité PH61425 | ||
IBM | N/A | Db2 versions 11.1.4 à 11.1.4.7 sans le dernier correctif de sécurité pour TSAMP | ||
IBM | N/A | MaaS360 VPN versions antérieures à 3.000.800 | ||
IBM | N/A | Db2 versions 10.5.0 à 10.5.11 sans le dernier correctif de sécurité pour Tivoli System Automation for Multiplatforms (TSAMP) | ||
IBM | N/A | VIOS versions 3.1 et 4.1 sans la dernière version du fichier bind.rte | ||
IBM | N/A | Db2 versions 11.5.0 à 11.1.5.9 sans le dernier correctif de sécurité pour TSAMP | ||
IBM | N/A | IBM Sterling Transformation Extender versions 10.1.1.x antérieures à 10.1.1.1 sans le correctif de sécurité PH61425 | ||
IBM | N/A | IBM Sterling Transformation Extender versions 10.1.0.x antérieures à 10.1.0.2 sans le correctif de sécurité PH61425 | ||
IBM | N/A | IBM Sterling Transformation Extender versions 10.1.2.x antérieures à 10.1.2.1 sans le correctif de sécurité PH61425 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF03", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "AIX versions 7.2 et 7.3 sans la derni\u00e8re version du fichier bind.rte", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "MaaS360 Mobile Enterprise Gateway (MEG) versions ant\u00e9rieures \u00e0 3.000.800", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Sterling Transformation Extender versions 11.x ant\u00e9rieures \u00e0 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 PH61425", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 versions 11.1.4 \u00e0 11.1.4.7 sans le dernier correctif de s\u00e9curit\u00e9 pour TSAMP", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "MaaS360 VPN versions ant\u00e9rieures \u00e0 3.000.800", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 versions 10.5.0 \u00e0 10.5.11 sans le dernier correctif de s\u00e9curit\u00e9 pour Tivoli System Automation for Multiplatforms (TSAMP)", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "VIOS versions 3.1 et 4.1 sans la derni\u00e8re version du fichier bind.rte", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 versions 11.5.0 \u00e0 11.1.5.9 sans le dernier correctif de s\u00e9curit\u00e9 pour TSAMP", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Sterling Transformation Extender versions 10.1.1.x ant\u00e9rieures \u00e0 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 PH61425", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { 
"description": "IBM Sterling Transformation Extender versions 10.1.0.x ant\u00e9rieures \u00e0 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 PH61425", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Sterling Transformation Extender versions 10.1.2.x ant\u00e9rieures \u00e0 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 PH61425", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2023-38264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264" }, { "name": "CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "name": "CVE-2023-40551", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40551" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2023-50868", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50868" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2024-22243", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22243" }, { "name": "CVE-2024-29025", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025" }, { "name": "CVE-2023-4408", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4408" }, { "name": "CVE-2024-22262", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22262" }, { "name": "CVE-2024-21011", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011" }, { "name": "CVE-2023-5517", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5517" }, { "name": "CVE-2023-3758", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3758" }, { "name": "CVE-2023-40546", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40546" }, { 
"name": "CVE-2024-21094", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094" }, { "name": "CVE-2023-6237", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2024-0727", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727" }, { "name": "CVE-2023-6129", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129" }, { "name": "CVE-2023-50387", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50387" }, { "name": "CVE-2023-40549", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40549" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2023-40548", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40548" }, { "name": "CVE-2024-22259", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22259" }, { "name": "CVE-2023-6516", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6516" }, { "name": "CVE-2023-40550", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40550" }, { "name": "CVE-2024-21085", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2023-5679", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5679" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" }, { "name": "CVE-2023-40547", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40547" } ], "initial_release_date": "2024-06-07T00:00:00", "last_revision_date": "2024-06-07T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0470", "revisions": [ { "description": "Version initiale", "revision_date": "2024-06-07T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par 
l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2024-06-06", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7156667", "url": "https://www.ibm.com/support/pages/node/7156667" }, { "published_at": "2024-06-03", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7156255", "url": "https://www.ibm.com/support/pages/node/7156255" }, { "published_at": "2024-06-05", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7156525", "url": "https://www.ibm.com/support/pages/node/7156525" }, { "published_at": "2024-06-04", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7156443", "url": "https://www.ibm.com/support/pages/node/7156443" }, { "published_at": "2024-06-03", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7156292", "url": "https://www.ibm.com/support/pages/node/7156292" } ] }
CERTFR-2023-AVI-0839
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Sterling | IBM Sterling Order Management versions 10.0.x antérieures à 10.0.2309.0 | ||
IBM | N/A | IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3 | ||
IBM | Db2 | IBM Db2 versions 10.5.0.x sans les derniers correctifs de sécurité | ||
IBM | Db2 | IBM Db2 versions 11.1.4.x sans les derniers correctifs de sécurité | ||
IBM | Db2 | IBM Db2 REST versions 1.0.0.121-amd64 à 1.0.0.276-amd64 antérieures à 1.0.0.291-amd64 | ||
IBM | N/A | IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3 | ||
IBM | Db2 | IBM Db2 versions 11.5.x sans les derniers correctifs de sécurité | ||
IBM | QRadar | IBM QRadar Network Packet Capture versions 7.5.x antérieures à 7.5.0 UP6 | ||
IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 |
Title | Publication Time | Tags | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IBM Sterling Order Management versions 10.0.x ant\u00e9rieures \u00e0 10.0.2309.0", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 versions 10.5.0.x sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 versions 11.1.4.x sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 REST versions 1.0.0.121-amd64 \u00e0 1.0.0.276-amd64 ant\u00e9rieures \u00e0 1.0.0.291-amd64", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 versions 11.5.x sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2023-21938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938" }, { "name": "CVE-2019-17267", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267" }, { "name": "CVE-2023-21843", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843" }, { "name": "CVE-2022-21426", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426" }, { "name": "CVE-2023-33201", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201" }, { "name": "CVE-2023-32697", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32697" }, { "name": "CVE-2023-30991", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30991" }, { "name": "CVE-2023-29404", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404" }, { "name": "CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "name": "CVE-2023-21954", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954" }, { "name": "CVE-2023-21939", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939" }, { "name": "CVE-2020-13956", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956" }, { "name": "CVE-2023-29256", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29256" }, { "name": "CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "name": "CVE-2020-35728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728" }, { "name": "CVE-2020-36181", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181" }, { "name": "CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "name": "CVE-2023-21830", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830" }, { "name": "CVE-2020-36182", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182" }, { "name": "CVE-2020-24616", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616" }, { "name": "CVE-2023-30431", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30431" }, { "name": "CVE-2022-42703", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703" }, { "name": "CVE-2020-36185", 
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185" }, { "name": "CVE-2023-0286", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286" }, { "name": "CVE-2023-32067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067" }, { "name": "CVE-2022-25147", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25147" }, { "name": "CVE-2019-16942", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942" }, { "name": "CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "name": "CVE-2020-36179", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179" }, { "name": "CVE-2023-29403", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403" }, { "name": "CVE-2023-35012", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35012" }, { "name": "CVE-2023-30443", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30443" }, { "name": "CVE-2020-36186", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186" }, { "name": "CVE-2020-36189", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189" }, { "name": "CVE-2020-35490", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490" }, { "name": "CVE-2023-29405", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405" }, { "name": "CVE-2023-34454", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454" }, { "name": "CVE-2023-27869", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27869" }, { "name": "CVE-2021-20190", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190" }, { "name": "CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "name": "CVE-2023-32342", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32342" }, { "name": "CVE-2023-2828", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2828" }, { "name": "CVE-2023-30446", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30446" }, { "name": "CVE-2019-16335", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335" }, { "name": "CVE-2023-34453", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453" }, { "name": 
"CVE-2023-29007", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29007" }, { "name": "CVE-2019-14893", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893" }, { "name": "CVE-2022-3564", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564" }, { "name": "CVE-2020-11113", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113" }, { "name": "CVE-2023-27868", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27868" }, { "name": "CVE-2023-35116", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116" }, { "name": "CVE-2023-20867", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20867" }, { "name": "CVE-2023-28709", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28709" }, { "name": "CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "name": "CVE-2023-0767", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767" }, { "name": "CVE-2020-10969", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969" }, { "name": "CVE-2023-30445", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30445" }, { "name": "CVE-2022-40609", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609" }, { "name": "CVE-2020-36187", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187" }, { "name": "CVE-2023-30447", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30447" }, { "name": "CVE-2023-30442", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30442" }, { "name": "CVE-2023-34455", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455" }, { "name": "CVE-2023-30441", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30441" }, { "name": "CVE-2020-11620", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620" }, { "name": "CVE-2023-27867", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27867" }, { "name": "CVE-2023-34396", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34396" }, { "name": "CVE-2020-24750", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750" }, { "name": "CVE-2022-37434", "url": 
"https://www.cve.org/CVERecord?id=CVE-2022-37434" }, { "name": "CVE-2023-39976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39976" }, { "name": "CVE-2019-16943", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943" }, { "name": "CVE-2022-4378", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378" }, { "name": "CVE-2020-28491", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491" }, { "name": "CVE-2019-20330", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330" }, { "name": "CVE-2020-14195", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195" }, { "name": "CVE-2023-21937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937" }, { "name": "CVE-2023-22809", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809" }, { "name": "CVE-2020-35491", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491" }, { "name": "CVE-2019-17531", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-30448", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30448" }, { "name": "CVE-2020-14061", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061" }, { "name": "CVE-2023-2597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597" }, { "name": "CVE-2020-11619", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619" }, { "name": "CVE-2022-48339", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48339" }, { "name": "CVE-2023-27558", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27558" }, { "name": "CVE-2020-36183", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183" }, { "name": "CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "name": "CVE-2023-38408", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408" }, { "name": "CVE-2023-34981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34981" }, { "name": "CVE-2023-30449", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30449" }, { "name": 
"CVE-2020-36184", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184" }, { "name": "CVE-2023-30994", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30994" }, { "name": "CVE-2020-36180", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180" }, { "name": "CVE-2023-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968" }, { "name": "CVE-2019-14540", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540" }, { "name": "CVE-2023-21930", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930" }, { "name": "CVE-2023-25652", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25652" }, { "name": "CVE-2023-24998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998" }, { "name": "CVE-2023-23487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23487" }, { "name": "CVE-2020-10968", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968" }, { "name": "CVE-2020-25649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649" }, { "name": "CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "name": "CVE-2023-40367", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40367" }, { "name": "CVE-2023-29402", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402" }, { "name": "CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "name": "CVE-2020-11112", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112" }, { "name": "CVE-2023-21967", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967" }, { "name": "CVE-2020-11111", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111" }, { "name": "CVE-2023-34149", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34149" }, { "name": "CVE-2020-14060", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060" }, { "name": "CVE-2020-36188", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188" }, { "name": "CVE-2016-1000027", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027" }, { "name": "CVE-2019-14892", "url": 
"https://www.cve.org/CVERecord?id=CVE-2019-14892" }, { "name": "CVE-2020-14062", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062" } ], "initial_release_date": "2023-10-13T00:00:00", "last_revision_date": "2023-10-13T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0839", "revisions": [ { "description": "Version initiale", "revision_date": "2023-10-13T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. 
Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047565 du 06 octobre 2023", "url": "https://www.ibm.com/support/pages/node/7047565" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049129 du 10 octobre 2023", "url": "https://www.ibm.com/support/pages/node/7049129" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047481 du 06 octobre 2023", "url": "https://www.ibm.com/support/pages/node/7047481" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049434 du 10 octobre 2023", "url": "https://www.ibm.com/support/pages/node/7049434" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047499 du 06 octobre 2023", "url": "https://www.ibm.com/support/pages/node/7047499" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047754 du 06 octobre 2023", "url": "https://www.ibm.com/support/pages/node/7047754" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049133 du 10 octobre 2023", "url": "https://www.ibm.com/support/pages/node/7049133" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047724 du 06 octobre 2023", "url": "https://www.ibm.com/support/pages/node/7047724" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049435 du 10 octobre 2023", "url": "https://www.ibm.com/support/pages/node/7049435" } ] }
CERTFR-2024-AVI-0199
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | WebSphere | WebSphere Service Registry and Repository versions 8.5.x antérieures à WSRR V8.5.6.3_IJ40949_IJ45702_IJ48644_IJ48939_IJ48940 | ||
IBM | WebSphere | WebSphere Service Registry and Repository Studio versions 8.5.x sans le dernier correctif de sécurité V8.5.6.3_IJ50069 | ||
IBM | Cloud Pak | Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.19.0 | ||
IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.19.0 | ||
IBM | Sterling | Sterling External Authentication Server versions antérieures à 6.0.3 sans le correctif de sécurité iFix 10 | ||
IBM | Sterling | Sterling External Authentication Server versions antérieures à 6.1.0 sans le correctif de sécurité iFix 06 |
Title | Publication Time | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "WebSphere Service Registry and Repository versions 8.5.x ant\u00e9rieures \u00e0 WSRR V8.5.6.3_IJ40949_IJ45702_IJ48644_IJ48939_IJ48940", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Service Registry and Repository Studio versions 8.5.x sans le dernier correctif de s\u00e9curit\u00e9 V8.5.6.3_IJ50069", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.19.0", "product": { "name": "Cloud Pak", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.19.0", "product": { "name": "QRadar Suite Software", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 10", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 06", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2018-1099", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1099" }, { "name": "CVE-2023-45857", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857" }, { "name": "CVE-2024-24762", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24762" }, { "name": "CVE-2021-43816", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43816" }, { "name": "CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2022-31030", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2020-15106", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15106" }, { "name": "CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "name": "CVE-2021-32760", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32760" }, { "name": "CVE-2023-34478", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34478" }, { "name": "CVE-2023-36478", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478" }, { "name": "CVE-2023-25173", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173" }, { "name": "CVE-2023-25153", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-40167", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167" }, { "name": "CVE-2023-41900", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41900" }, { "name": "CVE-2023-22045", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045" }, { "name": "CVE-2023-22049", 
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049" }, { "name": "CVE-2023-36479", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479" }, { "name": "CVE-2022-41854", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854" }, { "name": "CVE-2021-21334", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21334" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "name": "CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "name": "CVE-2022-38752", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "name": "CVE-2022-23471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471" }, { "name": "CVE-2024-23829", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23829" }, { "name": "CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "name": "CVE-2023-47248", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47248" }, { "name": "CVE-2018-16886", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16886" }, { "name": "CVE-2022-23648", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23648" }, { "name": "CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "name": "CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2023-22602", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22602" }, { "name": "CVE-2021-41103", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41103" }, { "name": "CVE-2023-40743", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40743" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" }, { 
"name": "CVE-2017-16137", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16137" }, { "name": "CVE-2024-23334", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23334" } ], "initial_release_date": "2024-03-08T00:00:00", "last_revision_date": "2024-03-08T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0199", "revisions": [ { "description": "Version initiale", "revision_date": "2024-03-08T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. 
Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7130806 du 07 mars 2024", "url": "https://www.ibm.com/support/pages/node/7130806" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7129989 du 06 mars 2024", "url": "https://www.ibm.com/support/pages/node/7129989" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7129833 du 04 mars 2024", "url": "https://www.ibm.com/support/pages/node/7129833" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7129327 du 01 mars 2024", "url": "https://www.ibm.com/support/pages/node/7129327" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7129821 du 04 mars 2024", "url": "https://www.ibm.com/support/pages/node/7129821" } ] }
CERTFR-2024-AVI-0820
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Cognos Transformer | Cognos Transformer version 11.2.4 avec Cognos Analytics versions antérieures à 11.2.4 FP4 | ||
IBM | Cognos Transformer | Cognos Transformer version 12.0.0 avec Cognos Analytics versions antérieures à 12.0.3 |
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cognos Transformer version 11.2.4 avec Cognos Analytics versions ant\u00e9rieures \u00e0 11.2.4 FP4 ", "product": { "name": "Cognos Transformer", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Transformer version 12.0.0 avec Cognos Analytics versions ant\u00e9rieures \u00e0 12.0.3", "product": { "name": "Cognos Transformer", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" } ], "initial_release_date": "2024-09-27T00:00:00", "last_revision_date": "2024-09-27T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0820", "revisions": [ { "description": "Version initiale", "revision_date": "2024-09-27T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { 
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s IBM Cognos Transformer", "vendor_advisories": [ { "published_at": "2024-09-26", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159172", "url": "https://www.ibm.com/support/pages/node/7159172" } ] }
CERTFR-2024-AVI-0010
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | N/A | IBM OS Image pour AIX Systems versions antérieures à AIX 7.2 TL5 SP6 sur Cloud Pak System versions antérieures à V2.3.3.7 Interim Fix 01 | ||
IBM | N/A | IBM Db2 on Cloud Pak for Data versions antérieures à v4.8 | ||
IBM | N/A | Db2 Warehouse on Cloud Pak for Data versions antérieures à v4.8 | ||
IBM | Db2 | IBM Db2 Web Query for i versions antérieures à 2.4.0 sans les derniers correctifs de sécurité |
Title | Publication Time | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IBM OS Image pour AIX Systems versions ant\u00e9rieures \u00e0 AIX 7.2 TL5 SP6 sur Cloud Pak System versions ant\u00e9rieures \u00e0 V2.3.3.7 Interim Fix 01", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Web Query for i versions ant\u00e9rieures \u00e0 2.4.0 sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2023-21938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938" }, { "name": "CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "name": "CVE-2023-30991", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30991" }, { "name": "CVE-2023-21954", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954" }, { "name": "CVE-2023-21939", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939" }, { "name": "CVE-2023-20862", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20862" }, { "name": "CVE-2023-38740", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38740" }, { "name": "CVE-2023-38719", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38719" }, { "name": "CVE-2023-30987", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30987" }, { "name": "CVE-2023-20861", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20861" }, { "name": "CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "name": "CVE-2023-45133", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45133" }, { "name": "CVE-2023-40373", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40373" }, { "name": "CVE-2023-38728", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38728" }, { "name": "CVE-2022-41946", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41946" }, { "name": "CVE-2023-38720", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38720" }, { "name": "CVE-2023-43646", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43646" }, { "name": "CVE-2018-25032", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032" }, { "name": "CVE-2023-39976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39976" }, { "name": "CVE-2023-21937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-2597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597" }, { "name": "CVE-2023-20863", 
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863" }, { "name": "CVE-2017-15708", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15708" }, { "name": "CVE-2023-20860", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860" }, { "name": "CVE-2023-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968" }, { "name": "CVE-2023-21930", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930" }, { "name": "CVE-2023-24998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998" }, { "name": "CVE-2023-40374", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40374" }, { "name": "CVE-2023-21967", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967" }, { "name": "CVE-2023-40372", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40372" } ], "initial_release_date": "2024-01-05T00:00:00", "last_revision_date": "2024-01-05T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0010", "revisions": [ { "description": "Version initiale", "revision_date": "2024-01-05T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. 
Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7105215 du 03 janvier 2024", "url": "https://www.ibm.com/support/pages/node/7105215" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7105138 du 03 janvier 2024", "url": "https://www.ibm.com/support/pages/node/7105138" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7104447 du 02 janvier 2024", "url": "https://www.ibm.com/support/pages/node/7104447" } ] }
CERTFR-2024-AVI-0385
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services (Certified Container) toutes versions sans le dernier correctif de sécurité | ||
IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.23 | ||
IBM | N/A | AIX et VIOS sans le dernier correctif de sécurité | ||
IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions antérieures à 6.1.0.24 | ||
IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.4.0 | ||
IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.7 | ||
IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF02 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IBM Sterling Connect:Direct Web Services (Certified Container) toutes versions sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.23", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "AIX et VIOS sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect:Direct Web Services versions ant\u00e9rieures \u00e0 6.1.0.24", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.4.0", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.7", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF02", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2023-29483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483" }, { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2023-21938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938" }, { "name": "CVE-2023-1382", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1382" }, { "name": "CVE-2023-4732", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4732" }, { "name": "CVE-2022-48564", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48564" }, { "name": "CVE-2023-6681", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6681" }, { "name": "CVE-2023-3138", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3138" }, { "name": "CVE-2023-46813", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46813" }, { "name": "CVE-2023-46218", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218" }, { "name": "CVE-2023-1838", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1838" }, { "name": "CVE-2024-27273", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27273" }, { "name": "CVE-2023-28328", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28328" }, { "name": "CVE-2023-51043", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51043" }, { "name": "CVE-2023-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5633" }, { "name": "CVE-2023-52425", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425" }, { "name": "CVE-2022-38457", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38457" }, { "name": "CVE-2023-38546", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546" }, { "name": "CVE-2022-45688", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688" }, { "name": "CVE-2022-26691", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26691" }, { "name": "CVE-2023-21939", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2023-5178", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-5178" }, { "name": "CVE-2023-50868", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50868" }, { "name": "CVE-2023-6536", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6536" }, { "name": "CVE-2023-23455", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455" }, { "name": "CVE-2020-10001", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10001" }, { "name": "CVE-2024-0646", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0646" }, { "name": "CVE-2021-33503", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33503" }, { "name": "CVE-2023-40283", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40283" }, { "name": "CVE-2022-45884", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45884" }, { "name": "CVE-2023-50782", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782" }, { "name": "CVE-2007-4559", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4559" }, { "name": "CVE-2023-33951", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33951" }, { "name": "CVE-2024-28102", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28102" }, { "name": "CVE-2023-2163", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2163" }, { "name": "CVE-2022-42895", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42895" }, { "name": "CVE-2024-22361", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22361" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2022-40133", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40133" }, { "name": "CVE-2023-4807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807" }, { "name": "CVE-2023-28322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322" }, { "name": "CVE-2023-45862", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45862" }, { "name": "CVE-2023-1989", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1989" }, { "name": "CVE-2020-3898", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3898" }, { "name": 
"CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2023-1855", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1855" }, { "name": "CVE-2018-20060", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060" }, { "name": "CVE-2023-25193", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193" }, { "name": "CVE-2022-45869", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45869" }, { "name": "CVE-2023-2513", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2513" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2023-20569", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20569" }, { "name": "CVE-2023-4206", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4206" }, { "name": "CVE-2023-6817", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6817" }, { "name": "CVE-2023-31084", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31084" }, { "name": "CVE-2023-5072", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072" }, { "name": "CVE-2022-45919", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45919" }, { "name": "CVE-2019-13224", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13224" }, { "name": "CVE-2022-41858", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41858" }, { "name": "CVE-2023-3611", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3611" }, { "name": "CVE-2023-4128", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4128" }, { "name": "CVE-2023-31436", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31436" }, { "name": "CVE-2023-1074", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1074" }, { "name": "CVE-2019-19204", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19204" }, { "name": "CVE-2023-42753", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42753" }, { "name": "CVE-2023-4921", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4921" }, { "name": "CVE-2023-33203", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33203" }, { 
"name": "CVE-2023-3812", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3812" }, { "name": "CVE-2023-32360", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32360" }, { "name": "CVE-2023-27043", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043" }, { "name": "CVE-2024-27269", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27269" }, { "name": "CVE-2021-43975", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43975" }, { "name": "CVE-2023-4207", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4207" }, { "name": "CVE-2018-19787", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19787" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2023-6356", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6356" }, { "name": "CVE-2024-1488", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1488" }, { "name": "CVE-2024-22195", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195" }, { "name": "CVE-2023-1252", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1252" }, { "name": "CVE-2023-44794", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44794" }, { "name": "CVE-2022-3545", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545" }, { "name": "CVE-2023-2176", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2176" }, { "name": "CVE-2023-2162", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2162" }, { "name": "CVE-2023-1079", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1079" }, { "name": "CVE-2022-36402", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36402" }, { "name": "CVE-2023-33952", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33952" }, { "name": "CVE-2023-32324", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32324" }, { "name": "CVE-2023-36478", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478" }, { "name": "CVE-2014-3146", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3146" }, { "name": "CVE-2023-45803", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803" 
}, { "name": "CVE-2023-3772", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3772" }, { "name": "CVE-2022-4744", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4744" }, { "name": "CVE-2023-3161", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3161" }, { "name": "CVE-2023-35824", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35824" }, { "name": "CVE-2023-45871", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45871" }, { "name": "CVE-2023-1998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1998" }, { "name": "CVE-2023-28772", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28772" }, { "name": "CVE-2022-40982", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982" }, { "name": "CVE-2019-16163", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16163" }, { "name": "CVE-2023-1786", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1786" }, { "name": "CVE-2023-1075", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1075" }, { "name": "CVE-2023-3609", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3609" }, { "name": "CVE-2023-38325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325" }, { "name": "CVE-2023-4155", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4155" }, { "name": "CVE-2023-4208", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4208" }, { "name": "CVE-2023-35823", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35823" }, { "name": "CVE-2019-9740", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740" }, { "name": "CVE-2023-26545", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26545" }, { "name": "CVE-2022-3640", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3640" }, { "name": "CVE-2022-45887", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45887" }, { "name": "CVE-2023-6535", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6535" }, { "name": "CVE-2024-26130", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26130" }, { "name": "CVE-2023-21937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937" 
}, { "name": "CVE-2019-19203", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19203" }, { "name": "CVE-2023-1118", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1118" }, { "name": "CVE-2023-43804", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-2597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597" }, { "name": "CVE-2022-48560", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560" }, { "name": "CVE-2022-3594", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3594" }, { "name": "CVE-2023-34241", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34241" }, { "name": "CVE-2022-38096", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38096" }, { "name": "CVE-2023-4622", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4622" }, { "name": "CVE-2019-8696", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8696" }, { "name": "CVE-2020-26137", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26137" }, { "name": "CVE-2019-11324", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324" }, { "name": "CVE-2023-3141", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3141" }, { "name": "CVE-2022-28388", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28388" }, { "name": "CVE-2023-30456", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30456" }, { "name": "CVE-2023-2004", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2004" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2023-6606", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6606" }, { "name": "CVE-2019-11236", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236" }, { "name": "CVE-2023-6932", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6932" }, { "name": "CVE-2023-0458", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0458" }, { "name": "CVE-2023-21968", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-21968" }, { "name": "CVE-2023-1073", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1073" }, { "name": "CVE-2023-3212", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3212" }, { "name": "CVE-2021-33631", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33631" }, { "name": "CVE-2023-50387", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50387" }, { "name": "CVE-2024-0985", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985" }, { "name": "CVE-2024-20932", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932" }, { "name": "CVE-2022-48624", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48624" }, { "name": "CVE-2023-21930", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2023-0597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0597" }, { "name": "CVE-2023-6546", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6546" }, { "name": "CVE-2023-7192", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7192" }, { "name": "CVE-2023-4132", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4132" }, { "name": "CVE-2024-1086", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1086" }, { "name": "CVE-2023-1206", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1206" }, { "name": "CVE-2024-0565", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0565" }, { "name": "CVE-2019-8675", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8675" }, { "name": "CVE-2023-4623", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4623" }, { "name": "CVE-2023-51042", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51042" }, { "name": "CVE-2023-0590", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0590" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2023-3268", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3268" }, { "name": "CVE-2023-21967", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-21967" }, { "name": "CVE-2023-5717", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5717" }, { "name": "CVE-2019-19012", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19012" }, { "name": "CVE-2020-27783", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" }, { "name": "CVE-2021-43818", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43818" }, { "name": "CVE-2021-43618", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43618" }, { "name": "CVE-2023-2166", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2166" }, { "name": "CVE-2023-1192", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1192" }, { "name": "CVE-2023-6931", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6931" }, { "name": "CVE-2023-6610", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6610" } ], "initial_release_date": "2024-05-10T00:00:00", "last_revision_date": "2024-05-10T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0385", "revisions": [ { "description": "Version initiale", "revision_date": "2024-05-10T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. 
Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150297 du 06 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150297" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150684 du 09 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150684" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150803 du 09 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150803" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150277 du 05 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150277" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150196 du 03 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150196" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150798 du 09 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150798" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150804 du 09 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150804" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150799 du 09 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150799" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150276 du 05 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150276" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150802 du 09 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150802" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150362 du 07 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150362" } ] }
CERTFR-2025-AVI-0590
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Sterling | Sterling Connect:Direct Web Services versions 6.3.0.x antérieures à 6.3.0.14 | ||
IBM | Tivoli | Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent version 7.3.0 Fix Pack 4 sans le dernier correctif de sécurité | ||
IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 iFix 03 | ||
IBM | Db2 | DB2 Data Management Console on CPD versions 4.7.1 antérieures à 4.7.2 | ||
IBM | Db2 | DB2 Data Management Console versions 3.1.11 à 3.1.13.x antérieures à 3.1.13.1 | ||
IBM | QRadar | QRadar SIEM versions 7.5.0 sans le dernier correctif de sécurité | ||
IBM | Tivoli | Tivoli Composite Application Manager for Application Diagnostics version 7.1.0 sans le dernier correctif de sécurité | ||
IBM | Sterling | Sterling Connect:Direct Web Services versions 6.4.0.x antérieures à 6.4.0.3 | ||
IBM | WebSphere | WebSphere Hybrid Edition versions 5.1 sans le correctif de sécurité PH66674 | ||
IBM | Sterling | Sterling Connect:Direct Web Services versions 6.2.0.x antérieures à 6.2.0.28 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Sterling Connect:Direct Web Services versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.14", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent version 7.3.0 Fix Pack 4 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Tivoli", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 iFix 03", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "DB2 Data Management Console on CPD versions 4.7.1 ant\u00e9rieures \u00e0 4.7.2", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "DB2 Data Management Console versions 3.1.11 \u00e0 3.1.13.x ant\u00e9rieures \u00e0 3.1.13.1", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar SIEM versions 7.5.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Tivoli Composite Application Manager for Application Diagnostics version 7.1.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Tivoli", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect:Direct Web Services versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.3", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Hybrid Edition versions 5.1 sans le correctif de s\u00e9curit\u00e9 PH66674", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect:Direct Web Services versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.28", "product": { "name": 
"Sterling", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2025-4447", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447" }, { "name": "CVE-2022-29162", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29162" }, { "name": "CVE-2020-13956", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956" }, { "name": "CVE-2021-43816", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43816" }, { "name": "CVE-2023-21830", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830" }, { "name": "CVE-2023-27561", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27561" }, { "name": "CVE-2022-31030", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030" }, { "name": "CVE-2021-35516", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516" }, { "name": "CVE-2022-32149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149" }, { "name": "CVE-2019-19921", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19921" }, { "name": "CVE-2021-35517", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517" }, { "name": "CVE-2021-36090", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090" }, { "name": "CVE-2021-43784", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43784" }, { "name": "CVE-2021-32760", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32760" }, { "name": "CVE-2023-25173", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173" }, { "name": "CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "name": "CVE-2025-21587", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587" }, { "name": "CVE-2023-25809", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25809" }, { "name": "CVE-2024-25710", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710" }, { "name": "CVE-2023-25153", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-25153" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2025-30698", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698" }, { "name": "CVE-2022-41721", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41721" }, { "name": "CVE-2023-28642", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28642" }, { "name": "CVE-2022-23471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471" }, { "name": "CVE-2025-2900", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900" }, { "name": "CVE-2022-41723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" }, { "name": "CVE-2021-35515", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515" }, { "name": "CVE-2022-23648", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23648" }, { "name": "CVE-2021-41103", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41103" }, { "name": "CVE-2025-36038", "url": "https://www.cve.org/CVERecord?id=CVE-2025-36038" }, { "name": "CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "name": "CVE-2016-1000027", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027" } ], "initial_release_date": "2025-07-11T00:00:00", "last_revision_date": "2025-07-11T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0590", "revisions": [ { "description": "Version initiale", "revision_date": "2025-07-11T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples 
vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2025-07-08", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239103", "url": "https://www.ibm.com/support/pages/node/7239103" }, { "published_at": "2025-07-07", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239009", "url": "https://www.ibm.com/support/pages/node/7239009" }, { "published_at": "2025-07-08", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239143", "url": "https://www.ibm.com/support/pages/node/7239143" }, { "published_at": "2025-07-09", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239362", "url": "https://www.ibm.com/support/pages/node/7239362" }, { "published_at": "2025-07-11", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239476", "url": "https://www.ibm.com/support/pages/node/7239476" }, { "published_at": "2025-07-09", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239247", "url": "https://www.ibm.com/support/pages/node/7239247" }, { "published_at": "2025-07-08", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239178", "url": "https://www.ibm.com/support/pages/node/7239178" }, { "published_at": "2025-07-11", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239475", "url": "https://www.ibm.com/support/pages/node/7239475" } ] }
CERTFR-2024-AVI-0959
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
NetApp | OnCommand Insight | OnCommand Insight versions antérieures à 7.3.16 | ||
NetApp | StorageGRID | StorageGRID (anciennement StorageGRID Webscale) versions antérieures à 11.9.0 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "OnCommand Insight versions ant\u00e9rieures \u00e0 7.3.16", "product": { "name": "OnCommand Insight", "vendor": { "name": "NetApp", "scada": false } } }, { "description": "StorageGRID (anciennement StorageGRID Webscale) versions ant\u00e9rieures \u00e0 11.9.0", "product": { "name": "StorageGRID", "vendor": { "name": "NetApp", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "name": "CVE-2017-20189", "url": "https://www.cve.org/CVERecord?id=CVE-2017-20189" }, { "name": "CVE-2010-4756", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4756" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2022-3715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3715" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2024-21994", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21994" }, { "name": "CVE-2023-5363", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2024-25041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25041" }, { "name": "CVE-2023-38552", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38552" }, { "name": "CVE-2021-23358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2024-21634", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634" }, { "name": 
"CVE-2023-46750", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46750" }, { "name": "CVE-2023-46749", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46749" }, { "name": "CVE-2021-36770", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36770" }, { "name": "CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "name": "CVE-2023-37466", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37466" }, { "name": "CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "name": "CVE-2023-37903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37903" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2021-20086", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20086" }, { "name": "CVE-2017-20162", "url": "https://www.cve.org/CVERecord?id=CVE-2017-20162" }, { "name": "CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2023-24998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2018-9466", "url": "https://www.cve.org/CVERecord?id=CVE-2018-9466" }, { "name": "CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "name": "CVE-2024-25053", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25053" }, { "name": "CVE-2023-39331", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39331" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2021-3377", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3377" }, { "name": "CVE-2023-39332", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39332" }, { "name": "CVE-2023-39333", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39333" }, { "name": "CVE-2023-26159", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-26159" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" } ], "initial_release_date": "2024-11-12T00:00:00", "last_revision_date": "2024-11-12T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0959", "revisions": [ { "description": "Version initiale", "revision_date": "2024-11-12T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits NetApp. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp", "vendor_advisories": [ { "published_at": "2024-11-08", "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241108-0001", "url": "https://security.netapp.com/advisory/ntap-20241108-0001/" }, { "published_at": "2024-11-08", "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20241108-0002", "url": "https://security.netapp.com/advisory/ntap-20241108-0002/" } ] }
CERTFR-2024-AVI-0419
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | QRadar User Behavior Analytics | QRadar User Behavior Analytics versions antérieures à 4.1.16 | ||
IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x sans le dernier correctif de sécurité | ||
IBM | WebSphere | WebSphere Extreme Scale versions 8.6.1.x antérieures à 8.6.1.6 avec le correctif de sécurité PH61189 |
Title | Publication Time | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.16", "product": { "name": "QRadar User Behavior Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM QRadar SIEM versions 7.5.x sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Extreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 avec le correctif de s\u00e9curit\u00e9 PH61189", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2024-1597", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597" }, { "name": "CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "name": "CVE-2023-31582", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31582" }, { "name": "CVE-2023-46234", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "name": "CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "name": "CVE-2019-17571", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2023-34462", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462" }, { "name": "CVE-2020-13936", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936" }, { "name": "CVE-2023-34454", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-34454" }, { "name": "CVE-2021-4104", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104" }, { "name": "CVE-2023-34453", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453" }, { "name": "CVE-2023-3635", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635" }, { "name": "CVE-2023-25613", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25613" }, { "name": "CVE-2023-41419", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41419" }, { "name": "CVE-2020-9493", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9493" }, { "name": "CVE-2018-11770", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11770" }, { "name": "CVE-2018-11804", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11804" }, { "name": "CVE-2020-9488", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488" }, { "name": "CVE-2023-22946", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22946" }, { "name": "CVE-2024-22195", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195" }, { "name": "CVE-2022-23305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305" }, { "name": "CVE-2023-34455", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455" }, { "name": "CVE-2022-23307", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307" }, { "name": "CVE-2022-46751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46751" }, { "name": "CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "name": "CVE-2023-44981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-6481", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6481" }, { "name": "CVE-2023-6378", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378" }, { "name": "CVE-2018-17190", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17190" }, { "name": "CVE-2023-26145", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26145" }, { "name": 
"CVE-2022-23302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23302" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2024-29180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2023-31486", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31486" }, { "name": "CVE-2023-26159", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" }, { "name": "CVE-2017-16137", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16137" } ], "initial_release_date": "2024-05-17T00:00:00", "last_revision_date": "2024-05-17T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0419", "revisions": [ { "description": "Version initiale", "revision_date": "2024-05-17T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. 
Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150929 du 10 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150929" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7152257 du 15 mai 2024", "url": "https://www.ibm.com/support/pages/node/7152257" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7152260 du 15 mai 2024", "url": "https://www.ibm.com/support/pages/node/7152260" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7152258 du 15 mai 2024", "url": "https://www.ibm.com/support/pages/node/7152258" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150844 du 10 mai 2024", "url": "https://www.ibm.com/support/pages/node/7150844" } ] }
CERTFR-2024-AVI-1051
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | VIOS | VIOS version 3.1 sans le correctif invscout_fix7.tar | ||
IBM | AIX | AIX version 7.3 sans le correctif invscout_fix7.tar | ||
IBM | Cognos Controller | Cognos Controller versions 11.0.x antérieures à 11.0.1 FP3 | ||
IBM | AIX | AIX version 7.2 sans le correctif invscout_fix7.tar | ||
IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.x antérieures à 6.2.2.2 | ||
IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.0.0 | ||
IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.1.x antérieures à 6.1.2.10 | ||
IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.1.x antérieures à 6.1.2.10 | ||
IBM | VIOS | VIOS version 4.1 sans le correctif invscout_fix7.tar | ||
IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.x antérieures à 6.2.3.2 |
Title | Publication Time | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "VIOS version 3.1 sans le correctif invscout_fix7.tar", "product": { "name": "VIOS", "vendor": { "name": "IBM", "scada": false } } }, { "description": "AIX version 7.3 sans le correctif invscout_fix7.tar", "product": { "name": "AIX", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Controller versions 11.0.x ant\u00e9rieures \u00e0 11.0.1 FP3", "product": { "name": "Cognos Controller", "vendor": { "name": "IBM", "scada": false } } }, { "description": "AIX version 7.2 sans le correctif invscout_fix7.tar", "product": { "name": "AIX", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.2.2", "product": { "name": "Sterling Partner Engagement Manager Essentials Edition", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.0.0", "product": { "name": "QRadar Use Case Manager App", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Partner Engagement Manager Essentials Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10", "product": { "name": "Sterling Partner Engagement Manager Essentials Edition", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Partner Engagement Manager Standard Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10", "product": { "name": "Sterling Partner Engagement Manager Standard Edition", "vendor": { "name": "IBM", "scada": false } } }, { "description": "VIOS version 4.1 sans le correctif invscout_fix7.tar", "product": { "name": "VIOS", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.3.2", "product": { "name": "Sterling Partner Engagement Manager Standard Edition", "vendor": 
{ "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2023-7104", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104" }, { "name": "CVE-2023-21938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938" }, { "name": "CVE-2023-21843", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843" }, { "name": "CVE-2024-47115", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47115" }, { "name": "CVE-2021-29425", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425" }, { "name": "CVE-2022-32213", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32213" }, { "name": "CVE-2021-22959", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22959" }, { "name": "CVE-2023-38264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264" }, { "name": "CVE-2024-25020", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25020" }, { "name": "CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "name": "CVE-2022-35256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256" }, { "name": "CVE-2023-21954", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954" }, { "name": "CVE-2023-21939", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2024-22353", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22353" }, { "name": "CVE-2024-41777", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41777" }, { "name": "CVE-2024-21890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890" }, { "name": "CVE-2024-21896", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896" }, { "name": "CVE-2024-43799", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-43799" }, { "name": "CVE-2021-36690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36690" }, { "name": "CVE-2023-21830", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830" }, { "name": "CVE-2021-22940", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22940" }, { "name": "CVE-2023-23936", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936" }, { "name": "CVE-2023-50312", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50312" }, { "name": "CVE-2021-22930", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930" }, { "name": "CVE-2024-25035", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25035" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2023-38737", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38737" }, { "name": "CVE-2023-24807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "name": "CVE-2021-22918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22918" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2024-45590", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590" }, { "name": "CVE-2021-23337", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337" }, { "name": "CVE-2024-25026", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026" }, { "name": "CVE-2021-22939", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939" }, { "name": "CVE-2021-44532", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532" }, { "name": "CVE-2024-26308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308" }, { "name": "CVE-2022-0155", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0155" }, { "name": "CVE-2021-22960", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22960" }, { "name": 
"CVE-2024-41776", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41776" }, { "name": "CVE-2024-30172", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172" }, { "name": "CVE-2024-25019", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25019" }, { "name": "CVE-2022-32222", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32222" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2022-32212", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32212" }, { "name": "CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "name": "CVE-2024-21634", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634" }, { "name": "CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "name": "CVE-2024-21011", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011" }, { "name": "CVE-2024-22329", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329" }, { "name": "CVE-2021-22921", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22921" }, { "name": "CVE-2022-0536", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0536" }, { "name": "CVE-2024-25710", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710" }, { "name": "CVE-2021-29892", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29892" }, { "name": "CVE-2024-45676", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45676" }, { "name": "CVE-2023-49735", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49735" }, { "name": "CVE-2024-40691", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40691" }, { "name": "CVE-2024-21094", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094" }, { "name": "CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "name": "CVE-2023-21937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937" }, { "name": "CVE-2024-27268", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268" }, { "name": "CVE-2022-32215", "url": 
"https://www.cve.org/CVERecord?id=CVE-2022-32215" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-2597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597" }, { "name": "CVE-2023-22045", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045" }, { "name": "CVE-2024-41775", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41775" }, { "name": "CVE-2023-22049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049" }, { "name": "CVE-2023-23919", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919" }, { "name": "CVE-2020-28500", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500" }, { "name": "CVE-2021-22931", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931" }, { "name": "CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "name": "CVE-2021-44533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2022-35737", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737" }, { "name": "CVE-2024-28863", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863" }, { "name": "CVE-2020-8203", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203" }, { "name": "CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "name": "CVE-2024-27270", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27270" }, { "name": "CVE-2024-21891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891" }, { "name": "CVE-2023-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968" }, { "name": "CVE-2022-32214", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32214" }, { "name": "CVE-2024-39338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338" }, { "name": "CVE-2024-30171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171" }, { "name": "CVE-2022-21824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824" }, { "name": 
"CVE-2023-21930", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930" }, { "name": "CVE-2024-22017", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017" }, { "name": "CVE-2023-24998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2022-35255", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35255" }, { "name": "CVE-2024-25036", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25036" }, { "name": "CVE-2024-21085", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085" }, { "name": "CVE-2021-44531", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2023-39332", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39332" }, { "name": "CVE-2024-22354", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354" }, { "name": "CVE-2023-21967", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967" }, { "name": "CVE-2022-32223", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32223" }, { "name": "CVE-2023-26159", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" } ], "initial_release_date": "2024-12-06T00:00:00", "last_revision_date": "2024-12-06T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-1051", "revisions": [ { "description": "Version initiale", "revision_date": "2024-12-06T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { 
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2024-12-05", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7178033", "url": "https://www.ibm.com/support/pages/node/7178033" }, { "published_at": "2024-12-06", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7178054", "url": "https://www.ibm.com/support/pages/node/7178054" }, { "published_at": "2024-12-02", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177220", "url": "https://www.ibm.com/support/pages/node/7177220" }, { "published_at": "2024-12-05", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177981", "url": "https://www.ibm.com/support/pages/node/7177981" } ] }
CERTFR-2024-AVI-0225
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Juniper Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.5.0 UP7 IF06 |
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP7 IF06", "product": { "name": "Secure Analytics", "vendor": { "name": "Juniper Networks", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2022-46337", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46337" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2022-34169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" } ], "initial_release_date": "2024-03-15T00:00:00", "last_revision_date": "2024-03-15T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0225", "revisions": [ { "description": "Version initiale", "revision_date": "2024-03-15T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Secure\nAnalytics. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 15 mars 2024", "url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP7-IF06?language=en_US" } ] }
CERTFR-2024-AVI-0228
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Sterling | Sterling Connect - Direct pour Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.2_iFix012 | ||
IBM | Sterling | Sterling Secure Proxy versions 6.1.0 sans le correctif de sécurité iFix 03 | ||
IBM | Sterling | Sterling Secure Proxy versions 6.0.3 sans le correctif de sécurité iFix 11 | ||
IBM | Sterling | Sterling Partner Engagement Manager versions 6.2.2.x antérieures à 6.2.2.2 sans le dernier correctif de sécurité | ||
IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF06 | ||
IBM | Sterling | Sterling Connect - Direct pour Microsoft Windows versions 6.2.0.x antérieures à 6.2.0.6_iFix012 | ||
IBM | Db2 | IBM Db2 Web Query pour i version 2.4.0 sans les correctifs de sécurité SI85982 et SI85987 | ||
IBM | Sterling | Sterling Partner Engagement Manager versions 6.2.0.x antérieures à 6.2.0.7 sans le dernier correctif de sécurité | ||
IBM | Sterling | Sterling Connect - Direct File Agent versions 1.4.0.x antérieures à 1.4.0.3_iFix004 | ||
IBM | Sterling | Sterling Partner Engagement Manager versions 6.1.2.x antérieures à 6.1.2.9 sans le dernier correctif de sécurité |
Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Sterling Connect - Direct pour Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.2_iFix012", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Secure Proxy versions 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 03", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Secure Proxy versions 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 11", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Partner Engagement Manager versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.2 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF06", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect - Direct pour Microsoft Windows versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6_iFix012", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 Web Query pour i version 2.4.0 sans les correctifs de s\u00e9curit\u00e9 SI85982 et SI85987", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Partner Engagement Manager versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.7 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Connect - Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.3_iFix004", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Partner Engagement Manager versions 6.1.2.x ant\u00e9rieures \u00e0 
6.1.2.9 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2023-21938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938" }, { "name": "CVE-2023-43642", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642" }, { "name": "CVE-2022-45688", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688" }, { "name": "CVE-2023-21954", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954" }, { "name": "CVE-2023-21939", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2023-47699", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47699" }, { "name": "CVE-2023-46179", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46179" }, { "name": "CVE-2024-22361", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22361" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2023-46182", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46182" }, { "name": "CVE-2023-34454", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454" }, { "name": "CVE-2022-46337", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46337" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2023-47147", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47147" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2023-34453", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453" }, { "name": "CVE-2022-41678", "url": 
"https://www.cve.org/CVERecord?id=CVE-2022-41678" }, { "name": "CVE-2023-5072", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072" }, { "name": "CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "name": "CVE-2023-34034", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34034" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2022-40609", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609" }, { "name": "CVE-2023-34455", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455" }, { "name": "CVE-2023-36478", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478" }, { "name": "CVE-2023-44981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981" }, { "name": "CVE-2023-21937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937" }, { "name": "CVE-2023-52428", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-39685", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39685" }, { "name": "CVE-2023-47162", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47162" }, { "name": "CVE-2023-40167", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167" }, { "name": "CVE-2023-41900", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41900" }, { "name": "CVE-2023-2597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597" }, { "name": "CVE-2022-34169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169" }, { "name": "CVE-2023-22045", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045" }, { "name": "CVE-2023-22049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049" }, { "name": "CVE-2023-36479", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2023-46604", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604" }, { "name": 
"CVE-2023-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968" }, { "name": "CVE-2024-20932", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932" }, { "name": "CVE-2023-21930", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930" }, { "name": "CVE-2023-24998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2023-45177", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45177" }, { "name": "CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "name": "CVE-2023-38039", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38039" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2023-21967", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967" }, { "name": "CVE-2022-24839", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24839" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" }, { "name": "CVE-2023-46181", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46181" } ], "initial_release_date": "2024-03-15T00:00:00", "last_revision_date": "2024-03-15T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0228", "revisions": [ { "description": "Version initiale", "revision_date": "2024-03-15T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans 
\u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7142007 du 14 mars 2024", "url": "https://www.ibm.com/support/pages/node/7142007" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7142038 du 14 mars 2024", "url": "https://www.ibm.com/support/pages/node/7142038" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7138527 du 12 mars 2024", "url": "https://www.ibm.com/support/pages/node/7138527" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7138509 du 12 mars 2024", "url": "https://www.ibm.com/support/pages/node/7138509" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7140420 du 13 mars 2024", "url": "https://www.ibm.com/support/pages/node/7140420" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7138477 du 12 mars 2024", "url": "https://www.ibm.com/support/pages/node/7138477" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7142032 du 14 mars 2024", "url": "https://www.ibm.com/support/pages/node/7142032" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7138522 du 12 mars 2024", "url": "https://www.ibm.com/support/pages/node/7138522" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7137248 du 12 mars 2024", "url": "https://www.ibm.com/support/pages/node/7137248" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7137258 du 12 mars 2024", "url": "https://www.ibm.com/support/pages/node/7137258" }, { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 IBM 7138503 du 12 mars 2024", "url": "https://www.ibm.com/support/pages/node/7138503" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7142006 du 14 mars 2024", "url": "https://www.ibm.com/support/pages/node/7142006" } ] }
CERTFR-2024-AVI-0145
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | Db2 | IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
IBM | QRadar Suite Software | QRadar Suite Software versions 1.10.x.x antérieures à 1.10.18.0 | ||
IBM | N/A | IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions antérieures à v4.8.2 | ||
IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF05 | ||
IBM | QRadar | IBM QRadar Use Case Manager App versions antérieures à 3.9.0 | ||
IBM | WebSphere | IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20 | ||
IBM | WebSphere | IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20 | ||
IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.1.x.x antérieures à 6.1.0.23 | ||
IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.3.x.x antérieures à 6.3.0.6 | ||
IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct Web Services versions 6.2.x.x antérieures à 6.2.0.22 | ||
IBM | Db2 | IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de sécurité Fixpack cumulatif Db2 | ||
IBM | Cloud Pak | IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.18.0 | ||
IBM | Spectrum | IBM Spectrum Scale versions 5.1.x.x antérieures à 5.1.2.15 | ||
IBM | WebSphere | IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20 | ||
IBM | QRadar WinCollect Agent | IBM QRadar WinCollect Agent versions 10.0.x antérieures à 10.1.9 | ||
IBM | Spectrum | IBM Spectrum Scale versions 5.1.3.x antérieures à 5.1.9.2 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IBM Cloud APM, Advanced Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0", "product": { "name": "QRadar Suite Software", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Db2 sur Cloud Pak pour Data et Db2 Warehouse sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 v4.8.2", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF05", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 3.9.0", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM WebSphere Application Server versions 8.5.x.x sans le SDK version 8 Service Refresh 8 FP20", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM WebSphere Application Server Liberty sans le SDK version 8 Service Refresh 8 FP20", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Sterling Connect:Direct Web Services versions 6.1.x.x ant\u00e9rieures \u00e0 6.1.0.23", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Sterling Connect:Direct Web Services versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.6", "product": { "name": "Sterling Connect:Direct", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Sterling Connect:Direct Web Services versions 6.2.x.x ant\u00e9rieures \u00e0 6.2.0.22", "product": { "name": "Sterling Connect:Direct", 
"vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Cloud APM, Base Private versions 8.1.4 sans le dernier correctif de s\u00e9curit\u00e9 Fixpack cumulatif Db2", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.18.0", "product": { "name": "Cloud Pak", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Spectrum Scale versions 5.1.x.x ant\u00e9rieures \u00e0 5.1.2.15", "product": { "name": "Spectrum", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM WebSphere Application Server versions 9.x sans le SDK version 8 Service Refresh 8 FP20", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM QRadar WinCollect Agent versions 10.0.x ant\u00e9rieures \u00e0 10.1.9", "product": { "name": "QRadar WinCollect Agent", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Spectrum Scale versions 5.1.3.x ant\u00e9rieures \u00e0 5.1.9.2", "product": { "name": "Spectrum", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2015-8385", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385" }, { "name": "CVE-2015-8388", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388" }, { "name": "CVE-2015-8392", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392" }, { "name": "CVE-2015-2327", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327" }, { "name": "CVE-2015-8394", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394" }, { "name": "CVE-2015-8395", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395" }, { "name": "CVE-2015-8387", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387" }, { "name": "CVE-2015-8391", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391" }, { "name": "CVE-2015-8383", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383" }, { "name": "CVE-2015-8390", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390" }, { "name": "CVE-2015-8381", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381" }, { "name": "CVE-2015-8386", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386" }, { "name": "CVE-2015-2328", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328" }, { "name": "CVE-2020-14155", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155" }, { "name": "CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "name": "CVE-2021-3712", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712" }, { "name": "CVE-2021-3711", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711" }, { "name": "CVE-2021-22926", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22926" }, { "name": "CVE-2021-22947", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947" }, { "name": "CVE-2021-22946", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946" }, { "name": "CVE-2021-36221", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221" }, { "name": "CVE-2021-29923", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29923" }, { "name": "CVE-2021-33197", "url": 
"https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "name": "CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "name": "CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "name": "CVE-2021-4160", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4160" }, { "name": "CVE-2021-44716", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716" }, { "name": "CVE-2021-41772", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41772" }, { "name": "CVE-2021-41771", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41771" }, { "name": "CVE-2022-3602", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602" }, { "name": "CVE-2022-37434", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434" }, { "name": "CVE-2022-30633", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633" }, { "name": "CVE-2022-1705", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705" }, { "name": "CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "name": "CVE-2022-28131", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131" }, { "name": "CVE-2022-32148", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148" }, { "name": "CVE-2022-32189", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189" }, { "name": "CVE-2022-1962", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962" }, { "name": "CVE-2022-30635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635" }, { "name": "CVE-2022-32149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149" }, { "name": "CVE-2022-30631", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631" }, { "name": "CVE-2022-30632", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632" }, { "name": "CVE-2022-30630", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630" }, { "name": "CVE-2022-3786", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786" }, { "name": "CVE-2022-3515", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3515" }, { "name": 
"CVE-2022-32206", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206" }, { "name": "CVE-2018-25032", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032" }, { "name": "CVE-2021-22925", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22925" }, { "name": "CVE-2021-22923", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22923" }, { "name": "CVE-2021-22922", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22922" }, { "name": "CVE-2022-23773", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773" }, { "name": "CVE-2022-23772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772" }, { "name": "CVE-2022-23806", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806" }, { "name": "CVE-2022-0778", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778" }, { "name": "CVE-2022-24921", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921" }, { "name": "CVE-2022-1292", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292" }, { "name": "CVE-2021-39293", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39293" }, { "name": "CVE-2021-33196", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196" }, { "name": "CVE-2022-22576", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22576" }, { "name": "CVE-2022-27776", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27776" }, { "name": "CVE-2022-2068", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068" }, { "name": "CVE-2021-27918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27918" }, { "name": "CVE-2021-41190", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41190" }, { "name": "CVE-2021-33194", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194" }, { "name": "CVE-2022-2097", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097" }, { "name": "CVE-2022-28327", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327" }, { "name": "CVE-2022-24675", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675" }, { "name": "CVE-2022-27782", "url": 
"https://www.cve.org/CVERecord?id=CVE-2022-27782" }, { "name": "CVE-2022-32208", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208" }, { "name": "CVE-2022-27781", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27781" }, { "name": "CVE-2022-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171" }, { "name": "CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "name": "CVE-2022-32221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221" }, { "name": "CVE-2022-35252", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252" }, { "name": "CVE-2022-43552", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552" }, { "name": "CVE-2022-4304", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304" }, { "name": "CVE-2023-0286", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286" }, { "name": "CVE-2023-0215", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215" }, { "name": "CVE-2022-4450", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450" }, { "name": "CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "name": "CVE-2023-23916", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916" }, { "name": "CVE-2022-29244", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29244" }, { "name": "CVE-2022-41717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717" }, { "name": "CVE-2022-3509", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509" }, { "name": "CVE-2023-0464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464" }, { "name": "CVE-2022-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879" }, { "name": "CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "name": "CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "name": "CVE-2022-41716", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41716" }, { "name": "CVE-2023-0466", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466" }, { "name": "CVE-2023-0465", 
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465" }, { "name": "CVE-2022-30629", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629" }, { "name": "CVE-2022-41723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" }, { "name": "CVE-2022-30580", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30580" }, { "name": "CVE-2022-41725", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725" }, { "name": "CVE-2022-41724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724" }, { "name": "CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "name": "CVE-2023-21937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937" }, { "name": "CVE-2023-21939", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939" }, { "name": "CVE-2023-21967", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967" }, { "name": "CVE-2023-21930", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930" }, { "name": "CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "name": "CVE-2023-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968" }, { "name": "CVE-2023-21938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938" }, { "name": "CVE-2023-21954", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954" }, { "name": "CVE-2020-8244", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8244" }, { "name": "CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "name": "CVE-2023-23919", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919" }, { "name": "CVE-2023-23936", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936" }, { "name": "CVE-2023-24532", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532" }, { "name": "CVE-2023-24537", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537" }, { "name": "CVE-2023-32360", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32360" }, { "name": "CVE-2023-2650", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650" }, { 
"name": "CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "name": "CVE-2023-2597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597" }, { "name": "CVE-2023-24536", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24536" }, { "name": "CVE-2023-24538", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538" }, { "name": "CVE-2023-28322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322" }, { "name": "CVE-2023-28320", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320" }, { "name": "CVE-2023-28321", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321" }, { "name": "CVE-2023-24540", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540" }, { "name": "CVE-2023-29400", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400" }, { "name": "CVE-2023-24539", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539" }, { "name": "CVE-2023-3446", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446" }, { "name": "CVE-2023-28319", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319" }, { "name": "CVE-2023-20593", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20593" }, { "name": "CVE-2023-3611", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3611" }, { "name": "CVE-2022-40982", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982" }, { "name": "CVE-2023-20569", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20569" }, { "name": "CVE-2023-29404", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404" }, { "name": "CVE-2023-29402", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402" }, { "name": "CVE-2023-29403", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403" }, { "name": "CVE-2023-29405", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405" }, { "name": "CVE-2023-3776", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776" }, { "name": "CVE-2023-4128", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4128" }, { "name": "CVE-2021-33198", "url": 
"https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "name": "CVE-2022-3510", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510" }, { "name": "CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "name": "CVE-2021-38297", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38297" }, { "name": "CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "name": "CVE-2023-37920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920" }, { "name": "CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "name": "CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "name": "CVE-2023-4206", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4206" }, { "name": "CVE-2023-4208", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4208" }, { "name": "CVE-2023-4207", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4207" }, { "name": "CVE-2023-29409", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409" }, { "name": "CVE-2023-29406", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406" }, { "name": "CVE-2023-32681", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2023-45648", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45648" }, { "name": "CVE-2023-42795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42795" }, { "name": "CVE-2023-30991", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30991" }, { "name": "CVE-2022-48339", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48339" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2023-39976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39976" }, { "name": "CVE-2023-38325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": 
"CVE-2023-38546", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546" }, { "name": "CVE-2023-38545", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545" }, { "name": "CVE-2023-34462", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462" }, { "name": "CVE-2023-5363", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363" }, { "name": "CVE-2023-32002", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32002" }, { "name": "CVE-2023-4807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807" }, { "name": "CVE-2023-5678", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678" }, { "name": "CVE-2023-45803", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803" }, { "name": "CVE-2023-44270", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270" }, { "name": "CVE-2020-15586", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15586" }, { "name": "CVE-2020-28362", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28362" }, { "name": "CVE-2020-14039", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14039" }, { "name": "CVE-2020-16845", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16845" }, { "name": "CVE-2021-3114", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3114" }, { "name": "CVE-2020-24553", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24553" }, { "name": "CVE-2020-28366", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28366" }, { "name": "CVE-2020-28367", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28367" }, { "name": "CVE-2023-34054", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34054" }, { "name": "CVE-2023-34053", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34053" }, { "name": "CVE-2023-34055", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34055" }, { "name": "CVE-2023-46589", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46589" }, { "name": "CVE-2023-43642", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642" }, { "name": "CVE-2002-0059", "url": 
"https://www.cve.org/CVERecord?id=CVE-2002-0059" }, { "name": "CVE-2023-38003", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38003" }, { "name": "CVE-2023-32731", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731" }, { "name": "CVE-2023-45133", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45133" }, { "name": "CVE-2015-8393", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8393" }, { "name": "CVE-2020-19909", "url": "https://www.cve.org/CVERecord?id=CVE-2020-19909" }, { "name": "CVE-2023-30987", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30987" }, { "name": "CVE-2023-38719", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38719" }, { "name": "CVE-2023-40374", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40374" }, { "name": "CVE-2023-38728", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38728" }, { "name": "CVE-2023-38720", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38720" }, { "name": "CVE-2023-38740", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38740" }, { "name": "CVE-2023-40372", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40372" }, { "name": "CVE-2023-40373", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40373" }, { "name": "CVE-2023-47145", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47145" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2023-39323", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323" }, { "name": "CVE-2023-45857", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2023-46308", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46308" }, { "name": 
"CVE-2023-32006", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32006" }, { "name": "CVE-2023-32559", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32559" }, { "name": "CVE-2023-24534", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534" }, { "name": "CVE-2023-6129", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129" }, { "name": "CVE-2022-23541", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23541" }, { "name": "CVE-2022-36046", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36046" }, { "name": "CVE-2023-40692", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40692" }, { "name": "CVE-2023-44981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981" }, { "name": "CVE-2023-38727", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38727" }, { "name": "CVE-2023-45142", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45142" }, { "name": "CVE-2022-48337", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48337" }, { "name": "CVE-2023-47627", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47627" }, { "name": "CVE-2023-47701", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47701" }, { "name": "CVE-2023-49081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49081" }, { "name": "CVE-2023-26159", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159" }, { "name": "CVE-2023-29258", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29258" }, { "name": "CVE-2023-39332", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39332" }, { "name": "CVE-2023-46218", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218" }, { "name": "CVE-2024-22190", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22190" }, { "name": "CVE-2023-4586", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4586" }, { "name": "CVE-2023-43020", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43020" }, { "name": "CVE-2023-37276", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37276" }, { "name": "CVE-2023-47152", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-47152" }, { "name": "CVE-2023-49082", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49082" }, { "name": "CVE-2023-46219", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46219" }, { "name": "CVE-2023-47141", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47141" }, { "name": "CVE-2023-39318", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318" }, { "name": "CVE-2023-38552", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38552" }, { "name": "CVE-2023-46167", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46167" }, { "name": "CVE-2023-27859", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27859" }, { "name": "CVE-2023-47158", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47158" }, { "name": "CVE-2023-36665", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36665" }, { "name": "CVE-2022-23529", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23529" }, { "name": "CVE-2023-40687", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40687" }, { "name": "CVE-2022-23539", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23539" }, { "name": "CVE-2023-6681", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6681" }, { "name": "CVE-2022-23540", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23540" }, { "name": "CVE-2023-46234", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234" }, { "name": "CVE-2023-50308", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50308" }, { "name": "CVE-2023-39331", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39331" }, { "name": "CVE-2023-45178", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45178" }, { "name": "CVE-2023-45193", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45193" }, { "name": "CVE-2023-39319", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319" }, { "name": "CVE-2020-29510", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29510" }, { "name": "CVE-2023-47746", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47746" }, { "name": 
"CVE-2023-34062", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34062" }, { "name": "CVE-2023-47747", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47747" }, { "name": "CVE-2024-0727", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727" }, { "name": "CVE-2023-46158", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46158" }, { "name": "CVE-2023-26115", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26115" } ], "initial_release_date": "2024-02-16T00:00:00", "last_revision_date": "2024-02-16T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0145", "revisions": [ { "description": "Version initiale", "revision_date": "2024-02-16T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "D\u00e9ni de service" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. 
Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7117872 du 14 f\u00e9vrier 2024", "url": "https://www.ibm.com/support/pages/node/7117872" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7118592 du 16 f\u00e9vrier 2024", "url": "https://www.ibm.com/support/pages/node/7118592" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7117873 du 14 f\u00e9vrier 2024", "url": "https://www.ibm.com/support/pages/node/7117873" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7118289 du 15 f\u00e9vrier 2024", "url": "https://www.ibm.com/support/pages/node/7118289" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7118351 du 15 f\u00e9vrier 2024", "url": "https://www.ibm.com/support/pages/node/7118351" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7117821 du 14 f\u00e9vrier 2024", "url": "https://www.ibm.com/support/pages/node/7117821" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7117883 du 14 f\u00e9vrier 2024", "url": "https://www.ibm.com/support/pages/node/7117883" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7117881 du 14 f\u00e9vrier 2024", "url": "https://www.ibm.com/support/pages/node/7117881" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 IBM 7117884 du 14 f\u00e9vrier 2024", "url": "https://www.ibm.com/support/pages/node/7117884" } ] }
CERTFR-2025-AVI-0003
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.1", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.8", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Db2 versions ant\u00e9rieures \u00e0 5.1", "product": { "name": "Db2", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-37370", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370" }, { "name": "CVE-2023-21938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938" }, { "name": "CVE-2022-24795", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24795" }, { "name": "CVE-2024-4068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068" }, { "name": "CVE-2023-30991", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30991" }, { "name": "CVE-2023-21954", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954" }, { "name": "CVE-2023-21939", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939" }, { "name": "CVE-2023-38740", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38740" }, { "name": "CVE-2023-45283", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45283" }, { "name": "CVE-2023-38719", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38719" }, { "name": "CVE-2023-45288", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288" }, { "name": "CVE-2023-30987", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30987" }, { "name": "CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "name": "CVE-2022-31163", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31163" }, { "name": "CVE-2024-33883", "url": 
"https://www.cve.org/CVERecord?id=CVE-2024-33883" }, { "name": "CVE-2023-40373", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40373" }, { "name": "CVE-2021-41186", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41186" }, { "name": "CVE-2024-0406", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0406" }, { "name": "CVE-2024-45590", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590" }, { "name": "CVE-2023-38728", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38728" }, { "name": "CVE-2024-33599", "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599" }, { "name": "CVE-2024-45491", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491" }, { "name": "CVE-2023-38720", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38720" }, { "name": "CVE-2024-47554", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554" }, { "name": "CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "name": "CVE-2023-41993", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41993" }, { "name": "CVE-2023-39976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39976" }, { "name": "CVE-2024-41946", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946" }, { "name": "CVE-2024-41110", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41110" }, { "name": "CVE-2023-21937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937" }, { "name": "CVE-2024-27281", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27281" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2022-0759", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0759" }, { "name": "CVE-2024-2398", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398" }, { "name": "CVE-2023-2597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597" }, { "name": "CVE-2024-6119", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119" }, { "name": "CVE-2024-37890", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890" }, { "name": 
"CVE-2023-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968" }, { "name": "CVE-2024-39338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338" }, { "name": "CVE-2023-21930", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2022-41723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" }, { "name": "CVE-2021-32740", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32740" }, { "name": "CVE-2023-40374", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40374" }, { "name": "CVE-2024-47220", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47220" }, { "name": "CVE-2024-6387", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6387" }, { "name": "CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "name": "CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "name": "CVE-2024-39689", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689" }, { "name": "CVE-2023-21967", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967" }, { "name": "CVE-2024-41123", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123" }, { "name": "CVE-2023-40372", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40372" }, { "name": "CVE-2024-2961", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961" }, { "name": "CVE-2023-6597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" }, { "name": "CVE-2024-37371", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371" }, { "name": "CVE-2024-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345" } ], "initial_release_date": "2025-01-03T00:00:00", "last_revision_date": "2025-01-03T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0003", "revisions": [ { "description": "Version initiale", "revision_date": "2025-01-03T00:00:00.000000" } ], "risks": [ 
{ "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2025-01-02", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180133", "url": "https://www.ibm.com/support/pages/node/7180133" }, { "published_at": "2025-01-02", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180137", "url": "https://www.ibm.com/support/pages/node/7180137" }, { "published_at": "2025-01-01", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180105", "url": "https://www.ibm.com/support/pages/node/7180105" }, { "published_at": "2025-01-02", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180134", "url": "https://www.ibm.com/support/pages/node/7180134" }, { "published_at": "2025-01-02", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180135", "url": "https://www.ibm.com/support/pages/node/7180135" }, { "published_at": "2025-01-02", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180138", "url": "https://www.ibm.com/support/pages/node/7180138" } ] }
CERTFR-2024-AVI-0529
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Vendor | Product | Description | ||
---|---|---|---|---|
IBM | N/A | IBM WebSphere Hybrid Edition version 5.1 sans le dernier correctif de sécurité (APAR PH61504) pour IBM WebSphere Application Server | ||
IBM | Cloud Pak | IBM Cognos Dashboards sur Cloud Pak for Data versions antérieures à 5.0 | ||
IBM | N/A | WebSphere Service Registry and Repository version 8.5 sans le dernier correctif de sécurité (APAR PH61504) pour IBM WebSphere Application Server | ||
IBM | N/A | IBM WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans le dernier correctif de sécurité (APAR PH61504) pour IBM WebSphere Application Server | ||
IBM | Cognos Analytics | IBM Cognos Analytics versions 12.x antérieures à 12.0.3 IF1 | ||
IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "IBM WebSphere Hybrid Edition version 5.1 sans le dernier correctif de s\u00e9curit\u00e9 (APAR PH61504) pour IBM WebSphere Application Server", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Cognos Dashboards sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.0", "product": { "name": "Cloud Pak", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Service Registry and Repository version 8.5 sans le dernier correctif de s\u00e9curit\u00e9 (APAR PH61504) pour IBM WebSphere Application Server", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9 (APAR PH61504) pour IBM WebSphere Application Server", "product": { "name": "N/A", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Cognos Analytics versions 12.x ant\u00e9rieures \u00e0 12.0.3 IF1", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. 
section Documentation).", "cves": [ { "name": "CVE-2024-20919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919" }, { "name": "CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "name": "CVE-2024-1597", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597" }, { "name": "CVE-2024-37532", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37532" }, { "name": "CVE-2023-52425", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425" }, { "name": "CVE-2017-20189", "url": "https://www.cve.org/CVERecord?id=CVE-2017-20189" }, { "name": "CVE-2010-4756", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4756" }, { "name": "CVE-2024-20926", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926" }, { "name": "CVE-2024-28757", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757" }, { "name": "CVE-2024-27322", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27322" }, { "name": "CVE-2023-52426", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52426" }, { "name": "CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "name": "CVE-2022-3715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3715" }, { "name": "CVE-2024-20921", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921" }, { "name": "CVE-2023-5363", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363" }, { "name": "CVE-2023-22081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081" }, { "name": "CVE-2022-29622", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29622" }, { "name": "CVE-2019-0231", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0231" }, { "name": "CVE-2024-25041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25041" }, { "name": "CVE-2023-38552", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38552" }, { "name": "CVE-2021-23358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358" }, { "name": "CVE-2023-22067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067" }, { "name": "CVE-2021-41973", "url": 
"https://www.cve.org/CVERecord?id=CVE-2021-41973" }, { "name": "CVE-2024-21634", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634" }, { "name": "CVE-2023-46750", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46750" }, { "name": "CVE-2023-46749", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46749" }, { "name": "CVE-2021-36770", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36770" }, { "name": "CVE-2024-28233", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28233" }, { "name": "CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "name": "CVE-2023-37466", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37466" }, { "name": "CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "name": "CVE-2023-37903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37903" }, { "name": "CVE-2023-33850", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850" }, { "name": "CVE-2021-20086", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20086" }, { "name": "CVE-2017-20162", "url": "https://www.cve.org/CVERecord?id=CVE-2017-20162" }, { "name": "CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "name": "CVE-2023-5676", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676" }, { "name": "CVE-2023-24998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998" }, { "name": "CVE-2024-20918", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918" }, { "name": "CVE-2018-9466", "url": "https://www.cve.org/CVERecord?id=CVE-2018-9466" }, { "name": "CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "name": "CVE-2024-25053", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25053" }, { "name": "CVE-2023-39331", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39331" }, { "name": "CVE-2024-20945", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945" }, { "name": "CVE-2021-3377", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3377" }, { "name": 
"CVE-2022-24903", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24903" }, { "name": "CVE-2023-39332", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39332" }, { "name": "CVE-2023-39333", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39333" }, { "name": "CVE-2023-26159", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159" }, { "name": "CVE-2024-20952", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952" } ], "initial_release_date": "2024-06-28T00:00:00", "last_revision_date": "2024-06-28T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0529", "revisions": [ { "description": "Version initiale", "revision_date": "2024-06-28T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2024-06-27", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7156941", "url": "https://www.ibm.com/support/pages/node/7156941" }, { "published_at": "2024-06-24", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7158537", "url": "https://www.ibm.com/support/pages/node/7158537" }, { "published_at": "2024-06-27", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7157712", "url": "https://www.ibm.com/support/pages/node/7157712" }, { "published_at": "2024-06-25", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7158652", "url": "https://www.ibm.com/support/pages/node/7158652" }, { "published_at": "2024-06-24", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7158539", "url": "https://www.ibm.com/support/pages/node/7158539" }, { "published_at": "2024-06-26", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7158762", "url": "https://www.ibm.com/support/pages/node/7158762" } ] }
WID-SEC-W-2024-0627
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Rational Application Developer ist eine integrierte Entwicklungsumgebung der Firma IBM f\u00fcr die Entwicklung und Analyse von Web-, Webservices-, Java-, J2EE- und Portalanwendungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Rational Application Developer for WebSphere Software ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0627 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0627.json" }, { "category": "self", "summary": "WID-SEC-2024-0627 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0627" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-03-13", "url": "https://www.ibm.com/support/pages/node/7140984" } ], "source_lang": "en-US", "title": "IBM Rational Application Developer for WebSphere Software: Schwachstelle erm\u00f6glicht Offenlegung von 
Informationen", "tracking": { "current_release_date": "2024-03-13T23:00:00.000+00:00", "generator": { "date": "2024-08-15T18:06:26.695+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2024-0627", "initial_release_date": "2024-03-13T23:00:00.000+00:00", "revision_history": [ { "date": "2024-03-13T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "9.6", "product": { "name": "IBM Rational Application Developer for WebSphere Software 9.6", "product_id": "T033488", "product_identification_helper": { "cpe": "cpe:/a:ibm:rational_application_developer_for_websphere_software:9.6" } } }, { "category": "product_version", "name": "9.7", "product": { "name": "IBM Rational Application Developer for WebSphere Software 9.7", "product_id": "T033489", "product_identification_helper": { "cpe": "cpe:/a:ibm:rational_application_developer_for_websphere_software:9.7" } } } ], "category": "product_name", "name": "Rational Application Developer for WebSphere Software" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-33850", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Rational Application Developer for WebSphere Software. Dieser Fehler besteht in der Komponente GSKit-Crypto aufgrund eines zeitbasierten Seitenkanals in der RSA-Entschl\u00fcsselungsimplementierung. Durch das Senden einer \u00fcberm\u00e4\u00dfig gro\u00dfen Anzahl von Testmeldungen zur Entschl\u00fcsselung kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T033488", "T033489" ] }, "release_date": "2024-03-13T23:00:00.000+00:00", "title": "CVE-2023-33850" } ] }
wid-sec-w-2024-0627
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Rational Application Developer ist eine integrierte Entwicklungsumgebung der Firma IBM f\u00fcr die Entwicklung und Analyse von Web-, Webservices-, Java-, J2EE- und Portalanwendungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Rational Application Developer for WebSphere Software ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0627 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0627.json" }, { "category": "self", "summary": "WID-SEC-2024-0627 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0627" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-03-13", "url": "https://www.ibm.com/support/pages/node/7140984" } ], "source_lang": "en-US", "title": "IBM Rational Application Developer for WebSphere Software: Schwachstelle erm\u00f6glicht Offenlegung von 
Informationen", "tracking": { "current_release_date": "2024-03-13T23:00:00.000+00:00", "generator": { "date": "2024-08-15T18:06:26.695+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2024-0627", "initial_release_date": "2024-03-13T23:00:00.000+00:00", "revision_history": [ { "date": "2024-03-13T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "9.6", "product": { "name": "IBM Rational Application Developer for WebSphere Software 9.6", "product_id": "T033488", "product_identification_helper": { "cpe": "cpe:/a:ibm:rational_application_developer_for_websphere_software:9.6" } } }, { "category": "product_version", "name": "9.7", "product": { "name": "IBM Rational Application Developer for WebSphere Software 9.7", "product_id": "T033489", "product_identification_helper": { "cpe": "cpe:/a:ibm:rational_application_developer_for_websphere_software:9.7" } } } ], "category": "product_name", "name": "Rational Application Developer for WebSphere Software" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-33850", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Rational Application Developer for WebSphere Software. Dieser Fehler besteht in der Komponente GSKit-Crypto aufgrund eines zeitbasierten Seitenkanals in der RSA-Entschl\u00fcsselungsimplementierung. Durch das Senden einer \u00fcberm\u00e4\u00dfig gro\u00dfen Anzahl von Testmeldungen zur Entschl\u00fcsselung kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T033488", "T033489" ] }, "release_date": "2024-03-13T23:00:00.000+00:00", "title": "CVE-2023-33850" } ] }
wid-sec-w-2024-0769
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Rational Build Forge ist ein Framework zur Automatisierung und Standardisierung des Softwareerstellungsprozesses", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM Rational Build Forge ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0769 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0769.json" }, { "category": "self", "summary": "WID-SEC-2024-0769 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0769" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-04-02", "url": "https://www.ibm.com/support/pages/node/7145704" }, { "category": "external", 
"summary": "SUSE Security Update SUSE-SU-2024:3949-1 vom 2024-11-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019796.html" } ], "source_lang": "en-US", "title": "IBM Rational Build Forge: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-11-07T23:00:00.000+00:00", "generator": { "date": "2024-11-08T11:11:40.811+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-0769", "initial_release_date": "2024-04-02T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-02T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-11-07T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c8.0.0.26", "product": { "name": "IBM Rational Build Forge \u003c8.0.0.26", "product_id": "T033838" } }, { "category": "product_version", "name": "8.0.0.26", "product": { "name": "IBM Rational Build Forge 8.0.0.26", "product_id": "T033838-fixed", "product_identification_helper": { "cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.26" } } } ], "category": "product_name", "name": "Rational Build Forge" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-22067", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. 
Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-22067" }, { "cve": "CVE-2023-22081", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-22081" }, { "cve": "CVE-2023-31122", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." 
} ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-31122" }, { "cve": "CVE-2023-33850", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-33850" }, { "cve": "CVE-2023-43622", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-43622" }, { "cve": "CVE-2023-45802", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. 
Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-45802" }, { "cve": "CVE-2023-46589", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-46589" }, { "cve": "CVE-2023-5676", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. 
Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-5676" }, { "cve": "CVE-2023-5678", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-5678" }, { "cve": "CVE-2023-6129", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-6129" }, { "cve": "CVE-2023-6237", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. 
Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-6237" }, { "cve": "CVE-2023-6710", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-6710" }, { "cve": "CVE-2024-0727", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. 
Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-0727" }, { "cve": "CVE-2024-20918", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20918" }, { "cve": "CVE-2024-20919", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20919" }, { "cve": "CVE-2024-20921", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. 
Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20921" }, { "cve": "CVE-2024-20926", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20926" }, { "cve": "CVE-2024-20945", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. 
Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20945" }, { "cve": "CVE-2024-20952", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20952" }, { "cve": "CVE-2024-21733", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-21733" }, { "cve": "CVE-2024-23672", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. 
Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-23672" }, { "cve": "CVE-2024-24549", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-24549" } ] }
WID-SEC-W-2023-2550
Vulnerability from csaf_certbund
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Rational ClearQuest stellt eine L\u00f6sung zur Fehler- und \u00c4nderungsverfolgung zur Verf\u00fcgung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Rational ClearQuest ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2550 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2550.json" }, { "category": "self", "summary": "WID-SEC-2023-2550 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2550" }, { "category": "external", "summary": "IBM Security Bulletin 7130904 vom 2024-03-08", "url": "https://www.ibm.com/support/pages/node/7130904" }, { "category": "external", "summary": "IBM Security Bulletin vom 2023-10-03", "url": "https://www.ibm.com/support/pages/node/7041679" }, { "category": "external", "summary": "IBM Security Bulletin 7149801 vom 2024-04-30", "url": 
"https://www.ibm.com/support/pages/node/7149801" } ], "source_lang": "en-US", "title": "IBM Rational ClearQuest: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-29T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:59:23.892+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-2550", "initial_release_date": "2023-10-03T22:00:00.000+00:00", "revision_history": [ { "date": "2023-10-03T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-03-07T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-04-29T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "7.3", "product": { "name": "IBM AIX 7.3", "product_id": "1139691", "product_identification_helper": { "cpe": "cpe:/o:ibm:aix:7.3" } } }, { "category": "product_version", "name": "7.2", "product": { "name": "IBM AIX 7.2", "product_id": "434967", "product_identification_helper": { "cpe": "cpe:/o:ibm:aix:7.2" } } } ], "category": "product_name", "name": "AIX" }, { "category": "product_name", "name": "IBM MQ", "product": { "name": "IBM MQ", "product_id": "T021398", "product_identification_helper": { "cpe": "cpe:/a:ibm:mq:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c10.0.3", "product": { "name": "IBM Rational ClearQuest \u003c10.0.3", "product_id": "T030177" } }, { "category": "product_version_range", "name": "\u003c9.0.2.8", "product": { "name": "IBM Rational ClearQuest \u003c9.0.2.8", "product_id": "T030204" } }, { "category": "product_version_range", "name": "\u003c9.1.0.5", "product": { "name": "IBM Rational ClearQuest \u003c9.1.0.5", "product_id": "T030211" } } ], "category": "product_name", "name": "Rational ClearQuest" }, { "branches": [ { "category": 
"product_version", "name": "3.1", "product": { "name": "IBM VIOS 3.1", "product_id": "1039165", "product_identification_helper": { "cpe": "cpe:/a:ibm:vios:3.1" } } }, { "category": "product_version", "name": "4.1", "product": { "name": "IBM VIOS 4.1", "product_id": "1522854", "product_identification_helper": { "cpe": "cpe:/a:ibm:vios:4.1" } } } ], "category": "product_name", "name": "VIOS" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-32342", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in IBM Rational ClearQuest. Diese werden durch einen zeitbasierten Seitenkanal in der RSA-Entschl\u00fcsselungsimplementierung im IBM GSKit-Crypto verursacht. Ein entfernter, anonymer Angreifer kann diese Schwachstellen durch das Senden einer \u00fcberm\u00e4\u00dfig gro\u00dfen Anzahl von Versuchsnachrichten ausnutzen, um Informationen offenzulegen." } ], "product_status": { "known_affected": [ "1139691", "434967", "1039165", "1522854", "T021398" ] }, "release_date": "2023-10-03T22:00:00.000+00:00", "title": "CVE-2023-32342" }, { "cve": "CVE-2023-33850", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in IBM Rational ClearQuest. Diese werden durch einen zeitbasierten Seitenkanal in der RSA-Entschl\u00fcsselungsimplementierung im IBM GSKit-Crypto verursacht. Ein entfernter, anonymer Angreifer kann diese Schwachstellen durch das Senden einer \u00fcberm\u00e4\u00dfig gro\u00dfen Anzahl von Versuchsnachrichten ausnutzen, um Informationen offenzulegen." } ], "product_status": { "known_affected": [ "1139691", "434967", "1039165", "1522854", "T021398" ] }, "release_date": "2023-10-03T22:00:00.000+00:00", "title": "CVE-2023-33850" } ] }
WID-SEC-W-2024-0769
Vulnerability from csaf_certbund
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Rational Build Forge ist ein Framework zur Automatisierung und Standardisierung des Softwareerstellungsprozesses", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM Rational Build Forge ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0769 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0769.json" }, { "category": "self", "summary": "WID-SEC-2024-0769 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0769" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-04-02", "url": "https://www.ibm.com/support/pages/node/7145704" }, { "category": "external", 
"summary": "SUSE Security Update SUSE-SU-2024:3949-1 vom 2024-11-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019796.html" } ], "source_lang": "en-US", "title": "IBM Rational Build Forge: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-11-07T23:00:00.000+00:00", "generator": { "date": "2024-11-08T11:11:40.811+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-0769", "initial_release_date": "2024-04-02T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-02T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-11-07T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c8.0.0.26", "product": { "name": "IBM Rational Build Forge \u003c8.0.0.26", "product_id": "T033838" } }, { "category": "product_version", "name": "8.0.0.26", "product": { "name": "IBM Rational Build Forge 8.0.0.26", "product_id": "T033838-fixed", "product_identification_helper": { "cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.26" } } } ], "category": "product_name", "name": "Rational Build Forge" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-22067", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. 
Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-22067" }, { "cve": "CVE-2023-22081", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-22081" }, { "cve": "CVE-2023-31122", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." 
} ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-31122" }, { "cve": "CVE-2023-33850", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-33850" }, { "cve": "CVE-2023-43622", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-43622" }, { "cve": "CVE-2023-45802", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. 
Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-45802" }, { "cve": "CVE-2023-46589", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-46589" }, { "cve": "CVE-2023-5676", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. 
Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-5676" }, { "cve": "CVE-2023-5678", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-5678" }, { "cve": "CVE-2023-6129", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-6129" }, { "cve": "CVE-2023-6237", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. 
Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-6237" }, { "cve": "CVE-2023-6710", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2023-6710" }, { "cve": "CVE-2024-0727", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. 
Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-0727" }, { "cve": "CVE-2024-20918", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20918" }, { "cve": "CVE-2024-20919", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20919" }, { "cve": "CVE-2024-20921", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. 
Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20921" }, { "cve": "CVE-2024-20926", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20926" }, { "cve": "CVE-2024-20945", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. 
Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20945" }, { "cve": "CVE-2024-20952", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-20952" }, { "cve": "CVE-2024-21733", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-21733" }, { "cve": "CVE-2024-23672", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. 
Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-23672" }, { "cve": "CVE-2024-24549", "notes": [ { "category": "description", "text": "In IBM Rational Build Forge existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten von Drittanbietern, u.a. Oracle Java SE, Apache HTTP Server, OpenSSL und Apache Tomcat. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur Ausnutzung einiger dieser Schwachstellen ist eine Nutzeraktion oder bestimmte Berechtigungen erforderlich." } ], "product_status": { "known_affected": [ "T002207", "T033838" ] }, "release_date": "2024-04-02T22:00:00.000+00:00", "title": "CVE-2024-24549" } ] }
wid-sec-w-2023-2550
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Rational ClearQuest stellt eine L\u00f6sung zur Fehler- und \u00c4nderungsverfolgung zur Verf\u00fcgung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Rational ClearQuest ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2550 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2550.json" }, { "category": "self", "summary": "WID-SEC-2023-2550 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2550" }, { "category": "external", "summary": "IBM Security Bulletin 7130904 vom 2024-03-08", "url": "https://www.ibm.com/support/pages/node/7130904" }, { "category": "external", "summary": "IBM Security Bulletin vom 2023-10-03", "url": "https://www.ibm.com/support/pages/node/7041679" }, { "category": "external", "summary": "IBM Security Bulletin 7149801 vom 2024-04-30", "url": 
"https://www.ibm.com/support/pages/node/7149801" } ], "source_lang": "en-US", "title": "IBM Rational ClearQuest: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-29T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:59:23.892+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-2550", "initial_release_date": "2023-10-03T22:00:00.000+00:00", "revision_history": [ { "date": "2023-10-03T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-03-07T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-04-29T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "7.3", "product": { "name": "IBM AIX 7.3", "product_id": "1139691", "product_identification_helper": { "cpe": "cpe:/o:ibm:aix:7.3" } } }, { "category": "product_version", "name": "7.2", "product": { "name": "IBM AIX 7.2", "product_id": "434967", "product_identification_helper": { "cpe": "cpe:/o:ibm:aix:7.2" } } } ], "category": "product_name", "name": "AIX" }, { "category": "product_name", "name": "IBM MQ", "product": { "name": "IBM MQ", "product_id": "T021398", "product_identification_helper": { "cpe": "cpe:/a:ibm:mq:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c10.0.3", "product": { "name": "IBM Rational ClearQuest \u003c10.0.3", "product_id": "T030177" } }, { "category": "product_version_range", "name": "\u003c9.0.2.8", "product": { "name": "IBM Rational ClearQuest \u003c9.0.2.8", "product_id": "T030204" } }, { "category": "product_version_range", "name": "\u003c9.1.0.5", "product": { "name": "IBM Rational ClearQuest \u003c9.1.0.5", "product_id": "T030211" } } ], "category": "product_name", "name": "Rational ClearQuest" }, { "branches": [ { "category": 
"product_version", "name": "3.1", "product": { "name": "IBM VIOS 3.1", "product_id": "1039165", "product_identification_helper": { "cpe": "cpe:/a:ibm:vios:3.1" } } }, { "category": "product_version", "name": "4.1", "product": { "name": "IBM VIOS 4.1", "product_id": "1522854", "product_identification_helper": { "cpe": "cpe:/a:ibm:vios:4.1" } } } ], "category": "product_name", "name": "VIOS" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-32342", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in IBM Rational ClearQuest. Diese werden durch einen zeitbasierten Seitenkanal in der RSA-Entschl\u00fcsselungsimplementierung im IBM GSKit-Crypto verursacht. Ein entfernter, anonymer Angreifer kann diese Schwachstellen durch das Senden einer \u00fcberm\u00e4\u00dfig gro\u00dfen Anzahl von Versuchsnachrichten ausnutzen, um Informationen offenzulegen." } ], "product_status": { "known_affected": [ "1139691", "434967", "1039165", "1522854", "T021398" ] }, "release_date": "2023-10-03T22:00:00.000+00:00", "title": "CVE-2023-32342" }, { "cve": "CVE-2023-33850", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in IBM Rational ClearQuest. Diese werden durch einen zeitbasierten Seitenkanal in der RSA-Entschl\u00fcsselungsimplementierung im IBM GSKit-Crypto verursacht. Ein entfernter, anonymer Angreifer kann diese Schwachstellen durch das Senden einer \u00fcberm\u00e4\u00dfig gro\u00dfen Anzahl von Versuchsnachrichten ausnutzen, um Informationen offenzulegen." } ], "product_status": { "known_affected": [ "1139691", "434967", "1039165", "1522854", "T021398" ] }, "release_date": "2023-10-03T22:00:00.000+00:00", "title": "CVE-2023-33850" } ] }
fkie_cve-2023-33850
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7010369 | Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7022413 | Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7022414 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7010369 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7022413 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7022414 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
ibm | txseries_for_multiplatform | 8.1 | |
ibm | txseries_for_multiplatform | 9.1 | |
ibm | aix | - | |
linux | linux_kernel | - | |
ibm | txseries_for_multiplatform | 8.2 | |
hp | hp-ux | - | |
ibm | aix | - | |
linux | linux_kernel | - | |
microsoft | windows | - | |
ibm | cics_tx | 11.1 | |
linux | linux_kernel | - | |
ibm | cics_tx | 10.1 | |
ibm | cics_tx | 11.1 | |
linux | linux_kernel | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D5EA02F-AA81-4101-9CE2-46ED4DE76B25", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "569BF866-989C-4BF4-B80E-962F8979FD8B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB032B5B-3B05-4809-8BF2-E08255E19475", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*", "matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], 
"negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information." 
} ], "id": "CVE-2023-33850", "lastModified": "2024-11-21T08:06:04.500", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-22T21:15:07.837", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010369" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7022413" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7022414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7022413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://www.ibm.com/support/pages/node/7022414" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "psirt@us.ibm.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
gsd-2023-33850
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2023-33850", "id": "GSD-2023-33850" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-33850" ], "details": "\nIBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.\n\n", "id": "GSD-2023-33850", "modified": "2023-12-13T01:20:36.263504Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2023-33850", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "TXSeries for Multiplatforms", "version": { "version_data": [ { "version_affected": "=", "version_value": "8.1, 8.2, 9.1" } ] } }, { "product_name": "CICS TX Standard", "version": { "version_data": [ { "version_affected": "=", "version_value": "11.1" } ] } }, { "product_name": "CICS TX Advanced", "version": { "version_data": [ { "version_affected": "=", "version_value": "10.1, 11.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "\nIBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. 
IBM X-Force ID: 257132.\n\n" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "208 Information Exposure Through Timing Discrepancy" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/7010369", "refsource": "MISC", "url": "https://www.ibm.com/support/pages/node/7010369" }, { "name": "https://www.ibm.com/support/pages/node/7022413", "refsource": "MISC", "url": "https://www.ibm.com/support/pages/node/7022413" }, { "name": "https://www.ibm.com/support/pages/node/7022414", "refsource": "MISC", "url": "https://www.ibm.com/support/pages/node/7022414" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132" } ] }, "source": { "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { 
"cpe23Uri": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2023-33850" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "\nIBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. 
IBM X-Force ID: 257132.\n\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-203" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/7022413", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7022413" }, { "name": "https://www.ibm.com/support/pages/node/7022414", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7022414" }, { "name": "https://www.ibm.com/support/pages/node/7010369", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/7010369" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132", "refsource": "MISC", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-08-28T19:51Z", "publishedDate": "2023-08-22T21:15Z" } } }
suse-su-2024:0619-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for java-1_8_0-ibm", "title": "Title of the patch" }, { "category": "description", "text": "This update for java-1_8_0-ibm fixes the following issues:\n\nUpdate to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843]\n\nSecurity fixes:\n\n- CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library (bsc#1219843).\n- CVE-2024-20932: Fixed incorrect handling of ZIP files with duplicate entries (bsc#1218908).\n- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (bsc#1218911).\n- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (bsc#1218907).\n- CVE-2024-20921: Fixed range check loop optimization issue (bsc#1218905).\n- CVE-2024-20919: Fixed JVM class file verifier flaw that allows unverified bytecode execution (bsc#1218903).\n- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).\n- CVE-2024-20945: Fixed logging of digital signature private keys (bsc#1218909).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2024-619,SUSE-SLE-Module-Legacy-15-SP5-2024-619,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-619,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-619,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-619,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-619,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-619,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-619,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-619,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-619,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-619,SUSE-Storage-7.1-2024-619,openSUSE-SLE-15.5-2024-619", "title": "Patchnames" }, { 
"category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0619-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:0619-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240619-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:0619-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018007.html" }, { "category": "self", "summary": "SUSE Bug 1218903", "url": "https://bugzilla.suse.com/1218903" }, { "category": "self", "summary": "SUSE Bug 1218905", "url": "https://bugzilla.suse.com/1218905" }, { "category": "self", "summary": "SUSE Bug 1218906", "url": "https://bugzilla.suse.com/1218906" }, { "category": "self", "summary": "SUSE Bug 1218907", "url": "https://bugzilla.suse.com/1218907" }, { "category": "self", "summary": "SUSE Bug 1218908", "url": "https://bugzilla.suse.com/1218908" }, { "category": "self", "summary": "SUSE Bug 1218909", "url": "https://bugzilla.suse.com/1218909" }, { "category": "self", "summary": "SUSE Bug 1218911", "url": "https://bugzilla.suse.com/1218911" }, { "category": "self", "summary": "SUSE Bug 1219843", "url": "https://bugzilla.suse.com/1219843" }, { "category": "self", "summary": "SUSE CVE CVE-2023-33850 page", "url": "https://www.suse.com/security/cve/CVE-2023-33850/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20918 page", "url": "https://www.suse.com/security/cve/CVE-2024-20918/" }, { 
"category": "self", "summary": "SUSE CVE CVE-2024-20919 page", "url": "https://www.suse.com/security/cve/CVE-2024-20919/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20921 page", "url": "https://www.suse.com/security/cve/CVE-2024-20921/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20926 page", "url": "https://www.suse.com/security/cve/CVE-2024-20926/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20932 page", "url": "https://www.suse.com/security/cve/CVE-2024-20932/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20945 page", "url": "https://www.suse.com/security/cve/CVE-2024-20945/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20952 page", "url": "https://www.suse.com/security/cve/CVE-2024-20952/" } ], "title": "Security update for java-1_8_0-ibm", "tracking": { "current_release_date": "2024-02-26T11:20:16Z", "generator": { "date": "2024-02-26T11:20:16Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:0619-1", "initial_release_date": "2024-02-26T11:20:16Z", "revision_history": [ { "date": "2024-02-26T11:20:16Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.i586", "product": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.i586", "product_id": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.i586" } }, { "category": "product_version", "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.i586", "product": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.i586", "product_id": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.i586" } }, { "category": "product_version", "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.i586", "product": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.i586", "product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.i586" 
} }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.i586", "product": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.i586", "product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.i586" } }, { "category": "product_version", "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.i586", "product": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.i586", "product_id": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.i586" } }, { "category": "product_version", "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.i586", "product": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.i586", "product_id": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "product": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "product_id": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le" } }, { "category": "product_version", "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "product": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "product": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le" } }, { "category": "product_version", "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "product": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "product_id": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "product": { "name": 
"java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "product_id": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x" } }, { "category": "product_version", "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "product": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "product": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x" } }, { "category": "product_version", "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "product": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "product_id": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "product": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "product_id": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "product": { "name": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "product_id": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "product": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "product_id": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "product": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64" } }, { "category": "product_version", "name": 
"java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "product": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "product": { "name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "product_id": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "product": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "product_id": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64", "product": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64", "product_id": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Legacy 15 SP5", "product": { "name": "SUSE Linux Enterprise Module for Legacy 15 SP5", "product_id": "SUSE Linux Enterprise Module for Legacy 15 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-legacy:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", 
"product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp3" } } }, { "category": "product_name", "name": "SUSE 
Linux Enterprise Server for SAP Applications 15 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp4" } } }, { "category": "product_name", "name": "SUSE Enterprise Storage 7.1", "product": { "name": "SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:7.1" } } }, { "category": "product_name", "name": "openSUSE Leap 15.5", "product": { "name": "openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP5", "product_id": "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP5", "product_id": "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP5", "product_id": "SUSE Linux 
Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP5", "product_id": "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP5", "product_id": "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP5", "product_id": "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP5", "product_id": "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": 
"java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP5", "product_id": "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": 
"java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": 
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, 
"product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": 
"default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 
SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", 
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux 
Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, 
"product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, 
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, 
"product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 7.1" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 7.1" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 7.1" }, { "category": 
"default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "SUSE Enterprise Storage 7.1" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": 
"java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x as 
component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x as component of openSUSE Leap 15.5", 
"product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x" }, "product_reference": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64 as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" }, "product_reference": "java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-33850", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-33850" } ], "notes": [ { "category": "general", "text": "IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE 
Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 
SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 
SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise 
Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-33850", "url": "https://www.suse.com/security/cve/CVE-2023-33850" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2023-33850", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 
7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 
SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 
SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 
for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 
15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 
SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 
SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 
15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-26T11:20:16Z", "details": "important" } ], "title": "CVE-2023-33850" }, { "cve": "CVE-2024-20918", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20918" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise 
High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", 
"SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 
15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20918", "url": "https://www.suse.com/security/cve/CVE-2024-20918" }, { "category": "external", "summary": "SUSE Bug 1218907 for CVE-2024-20918", "url": "https://bugzilla.suse.com/1218907" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20918", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance 
Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", 
"SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 
7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux 
Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "threats": [ { "category": "impact", 
"date": "2024-02-26T11:20:16Z", "details": "important" } ], "title": "CVE-2024-20918" }, { "cve": "CVE-2024-20919", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20919" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux 
Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", 
"openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20919", "url": "https://www.suse.com/security/cve/CVE-2024-20919" }, { "category": "external", "summary": "SUSE Bug 1218903 for CVE-2024-20919", "url": "https://bugzilla.suse.com/1218903" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20919", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 
SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 
15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux 
Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 
15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", 
"SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-26T11:20:16Z", "details": "moderate" } ], "title": "CVE-2024-20919" }, { "cve": "CVE-2024-20921", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20921" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). 
Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux 
Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", 
"openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20921", "url": "https://www.suse.com/security/cve/CVE-2024-20921" }, { "category": "external", "summary": "SUSE Bug 1218905 for CVE-2024-20921", "url": "https://bugzilla.suse.com/1218905" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20921", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 
SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 
15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux 
Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 
15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", 
"SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-26T11:20:16Z", "details": "moderate" } ], "title": "CVE-2024-20921" }, { "cve": "CVE-2024-20926", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20926" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). 
Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux 
Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", 
"openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20926", "url": "https://www.suse.com/security/cve/CVE-2024-20926" }, { "category": "external", "summary": "SUSE Bug 1218906 for CVE-2024-20926", "url": "https://bugzilla.suse.com/1218906" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20926", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 
SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 
15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux 
Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 
15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", 
"SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-26T11:20:16Z", "details": "moderate" } ], "title": "CVE-2024-20926" }, { "cve": "CVE-2024-20932", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20932" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). 
Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux 
Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", 
"openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20932", "url": "https://www.suse.com/security/cve/CVE-2024-20932" }, { "category": "external", "summary": "SUSE Bug 1218908 for CVE-2024-20932", "url": "https://bugzilla.suse.com/1218908" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20932", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 
SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 
15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux 
Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 
15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", 
"SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-26T11:20:16Z", "details": "important" } ], "title": "CVE-2024-20932" }, { "cve": "CVE-2024-20945", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20945" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). 
Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux 
Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", 
"openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20945", "url": "https://www.suse.com/security/cve/CVE-2024-20945" }, { "category": "external", "summary": "SUSE Bug 1218909 for CVE-2024-20945", "url": "https://bugzilla.suse.com/1218909" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20945", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 
SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 
15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux 
Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 
15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", 
"SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-26T11:20:16Z", "details": "moderate" } ], "title": "CVE-2024-20945" }, { "cve": "CVE-2024-20952", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20952" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). 
Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux 
Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", 
"openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20952", "url": "https://www.suse.com/security/cve/CVE-2024-20952" }, { "category": "external", "summary": "SUSE Bug 1218911 for CVE-2024-20952", "url": "https://bugzilla.suse.com/1218911" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20952", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 
SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 
15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux 
Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 
15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", 
"SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.20-150000.3.86.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-26T11:20:16Z", "details": "important" } ], "title": "CVE-2024-20952" } ] }
suse-su-2024:0605-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for java-1_8_0-ibm", "title": "Title of the patch" }, { "category": "description", "text": "This update for java-1_8_0-ibm fixes the following issues:\n\nUpdate to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843]\n\nSecurity fixes:\n\n- CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library (bsc#1219843).\n- CVE-2024-20932: Fixed incorrect handling of ZIP files with duplicate entries (bsc#1218908).\n- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (bsc#1218911).\n- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (bsc#1218907).\n- CVE-2024-20921: Fixed range check loop optimization issue (bsc#1218905).\n- CVE-2024-20919: Fixed JVM class file verifier flaw allows unverified bytecode execution (bsc#1218903).\n- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).\n- CVE-2024-20945: Fixed logging of digital signature private keys (bsc#1218909).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2024-605,SUSE-SLE-SDK-12-SP5-2024-605,SUSE-SLE-SERVER-12-SP5-2024-605", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": 
"SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0605-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:0605-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240605-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:0605-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018004.html" }, { "category": "self", "summary": "SUSE Bug 1218903", "url": "https://bugzilla.suse.com/1218903" }, { "category": "self", "summary": "SUSE Bug 1218905", "url": "https://bugzilla.suse.com/1218905" }, { "category": "self", "summary": "SUSE Bug 1218906", "url": "https://bugzilla.suse.com/1218906" }, { "category": "self", "summary": "SUSE Bug 1218907", "url": "https://bugzilla.suse.com/1218907" }, { "category": "self", "summary": "SUSE Bug 1218908", "url": "https://bugzilla.suse.com/1218908" }, { "category": "self", "summary": "SUSE Bug 1218909", "url": "https://bugzilla.suse.com/1218909" }, { "category": "self", "summary": "SUSE Bug 1218911", "url": "https://bugzilla.suse.com/1218911" }, { "category": "self", "summary": "SUSE Bug 1219843", "url": "https://bugzilla.suse.com/1219843" }, { "category": "self", "summary": "SUSE CVE CVE-2023-33850 page", "url": "https://www.suse.com/security/cve/CVE-2023-33850/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20918 page", "url": "https://www.suse.com/security/cve/CVE-2024-20918/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20919 page", "url": "https://www.suse.com/security/cve/CVE-2024-20919/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20921 page", "url": "https://www.suse.com/security/cve/CVE-2024-20921/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20926 page", "url": "https://www.suse.com/security/cve/CVE-2024-20926/" }, { "category": "self", "summary": "SUSE 
CVE CVE-2024-20932 page", "url": "https://www.suse.com/security/cve/CVE-2024-20932/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20945 page", "url": "https://www.suse.com/security/cve/CVE-2024-20945/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-20952 page", "url": "https://www.suse.com/security/cve/CVE-2024-20952/" } ], "title": "Security update for java-1_8_0-ibm", "tracking": { "current_release_date": "2024-02-23T15:31:04Z", "generator": { "date": "2024-02-23T15:31:04Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:0605-1", "initial_release_date": "2024-02-23T15:31:04Z", "revision_history": [ { "date": "2024-02-23T15:31:04Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.i586", "product": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.i586", "product_id": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.i586" } }, { "category": "product_version", "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.i586", "product": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.i586", "product_id": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.i586" } }, { "category": "product_version", "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.i586", "product": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.i586", "product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.i586" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.i586", "product": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.i586", "product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.i586" } }, { "category": "product_version", "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.i586", "product": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.i586", "product_id": 
"java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.i586" } }, { "category": "product_version", "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.i586", "product": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.i586", "product_id": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "product": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "product_id": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le" } }, { "category": "product_version", "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.ppc64le", "product": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.ppc64le", "product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.ppc64le" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "product": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le" } }, { "category": "product_version", "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.ppc64le", "product": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.ppc64le", "product_id": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390", "product": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390", "product_id": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390" } }, { "category": "product_version", "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.s390", "product": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.s390", "product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.s390" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390", "product": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390", "product_id": 
"java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390" } }, { "category": "product_version", "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.s390", "product": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.s390", "product_id": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "product": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "product_id": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x" } }, { "category": "product_version", "name": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-30.120.1.s390x", "product": { "name": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-30.120.1.s390x", "product_id": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-30.120.1.s390x" } }, { "category": "product_version", "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.s390x", "product": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.s390x", "product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.s390x" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "product": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-30.120.1.s390x", "product": { "name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-30.120.1.s390x", "product_id": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-30.120.1.s390x" } }, { "category": "product_version", "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.s390x", "product": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.s390x", "product_id": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "product": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "product_id": 
"java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-30.120.1.x86_64", "product": { "name": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-30.120.1.x86_64", "product_id": "java-1_8_0-ibm-32bit-1.8.0_sr8.20-30.120.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "product": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "product_id": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.x86_64", "product": { "name": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.x86_64", "product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.20-30.120.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "product": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-30.120.1.x86_64", "product": { "name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-30.120.1.x86_64", "product_id": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.20-30.120.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "product": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "product_id": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64" } }, { "category": "product_version", "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.x86_64", "product": { "name": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.x86_64", "product_id": "java-1_8_0-ibm-src-1.8.0_sr8.20-30.120.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12 SP5", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12 SP5", "product_id": "SUSE Linux 
Enterprise Software Development Kit 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP5", "product": { "name": "SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 
SP5", "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": 
{ "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le" }, "product_reference": 
"java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64" }, "product_reference": "java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64" }, "product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "relates_to_product_reference": 
"SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" }, "product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64" }, "product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-33850", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-33850" } ], "notes": [ { "category": "general", "text": "IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. 
By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux 
Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-33850", "url": "https://www.suse.com/security/cve/CVE-2023-33850" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2023-33850", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", 
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-23T15:31:04Z", "details": "important" } ], "title": "CVE-2023-33850" }, { "cve": "CVE-2024-20918", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20918" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20918", "url": "https://www.suse.com/security/cve/CVE-2024-20918" }, { "category": "external", "summary": "SUSE Bug 1218907 for CVE-2024-20918", "url": "https://bugzilla.suse.com/1218907" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20918", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-23T15:31:04Z", "details": "important" } ], "title": "CVE-2024-20918" }, { "cve": "CVE-2024-20919", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20919" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 
12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20919", "url": "https://www.suse.com/security/cve/CVE-2024-20919" }, { "category": "external", "summary": "SUSE Bug 1218903 for CVE-2024-20919", "url": "https://bugzilla.suse.com/1218903" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20919", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-23T15:31:04Z", "details": "moderate" } ], "title": "CVE-2024-20919" }, { "cve": "CVE-2024-20921", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20921" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20921", "url": "https://www.suse.com/security/cve/CVE-2024-20921" }, { "category": "external", "summary": "SUSE Bug 1218905 for CVE-2024-20921", "url": "https://bugzilla.suse.com/1218905" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20921", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE 
Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 
SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-23T15:31:04Z", "details": "moderate" } ], "title": "CVE-2024-20921" }, { "cve": "CVE-2024-20926", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20926" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20926", "url": "https://www.suse.com/security/cve/CVE-2024-20926" }, { "category": "external", "summary": "SUSE Bug 1218906 for CVE-2024-20926", "url": "https://bugzilla.suse.com/1218906" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20926", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 
SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 
SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-23T15:31:04Z", "details": "moderate" } ], "title": "CVE-2024-20926" }, { "cve": "CVE-2024-20932", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20932" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). 
Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20932", "url": "https://www.suse.com/security/cve/CVE-2024-20932" }, { "category": "external", "summary": "SUSE Bug 1218908 for CVE-2024-20932", "url": "https://bugzilla.suse.com/1218908" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20932", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux 
Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-23T15:31:04Z", "details": "important" } ], "title": "CVE-2024-20932" }, { "cve": "CVE-2024-20945", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20945" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20945", "url": "https://www.suse.com/security/cve/CVE-2024-20945" }, { "category": "external", "summary": "SUSE Bug 1218909 for CVE-2024-20945", "url": "https://bugzilla.suse.com/1218909" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20945", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-23T15:31:04Z", "details": "moderate" } ], "title": "CVE-2024-20945" }, { "cve": "CVE-2024-20952", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-20952" } ], "notes": [ { "category": "general", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-20952", "url": "https://www.suse.com/security/cve/CVE-2024-20952" }, { "category": "external", "summary": "SUSE Bug 1218911 for CVE-2024-20952", "url": "https://bugzilla.suse.com/1218911" }, { "category": "external", "summary": "SUSE Bug 1219843 for CVE-2024-20952", "url": "https://bugzilla.suse.com/1219843" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 
SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 
SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.20-30.120.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.20-30.120.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-02-23T15:31:04Z", "details": "important" } ], "title": "CVE-2024-20952" } ] }
ghsa-xxxm-cq2q-5v69
Vulnerability from github
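IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. The GitHub record below is unreviewed ("github_reviewed": false) and its "affected" list is empty, so the affected products and versions have to be taken from the linked IBM advisories rather than from this entry. It classifies the issue as CWE-203 with the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, i.e. a confidentiality-only impact.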
{ "affected": [], "aliases": [ "CVE-2023-33850" ], "database_specific": { "cwe_ids": [ "CWE-203" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-08-22T21:15:07Z", "severity": "HIGH" }, "details": "\nIBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.\n\n", "id": "GHSA-xxxm-cq2q-5v69", "modified": "2024-04-04T07:09:20Z", "published": "2023-08-22T21:30:28Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33850" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132" }, { "type": "WEB", "url": "https://www.ibm.com/support/pages/node/7010369" }, { "type": "WEB", "url": "https://www.ibm.com/support/pages/node/7022413" }, { "type": "WEB", "url": "https://www.ibm.com/support/pages/node/7022414" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.