Action not permitted
Modal body text goes here.
cve-2024-4603
Vulnerability from cvelistv5
Published
2024-05-16 15:21
Modified
2024-10-14 14:56
Severity ?
EPSS score ?
Summary
Excessive time spent checking DSA keys and parameters
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20240516.txt"
},
{
"name": "3.0.14 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397"
},
{
"name": "3.1.6 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d"
},
{
"name": "3.2.2 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740"
},
{
"name": "3.3.1 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/16/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0001/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "openssl",
"vendor": "openssl",
"versions": [
{
"lessThan": "3.0.14",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "3.1.6",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.2.2",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThan": "3.3.1",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T18:27:25.638098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834 Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T15:11:57.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.14",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "3.1.6",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.2.2",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThan": "3.3.1",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "OSS-Fuzz"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomas Mraz"
}
],
"datePublic": "2024-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Checking excessively long DSA keys or parameters may be very\u003cbr\u003eslow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions EVP_PKEY_param_check()\u003cbr\u003eor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\u003cbr\u003eexperience long delays. Where the key or parameters that are being checked\u003cbr\u003ehave been obtained from an untrusted source this may lead to a Denial of\u003cbr\u003eService.\u003cbr\u003e\u003cbr\u003eThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\u003cbr\u003evarious checks on DSA parameters. Some of those computations take a long time\u003cbr\u003eif the modulus (`p` parameter) is too large.\u003cbr\u003e\u003cbr\u003eTrying to use a very large modulus is slow and OpenSSL will not allow using\u003cbr\u003epublic keys with a modulus which is over 10,000 bits in length for signature\u003cbr\u003everification. However the key and parameter check functions do not limit\u003cbr\u003ethe modulus size when performing the checks.\u003cbr\u003e\u003cbr\u003eAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\u003cbr\u003eand supplies a key or parameters obtained from an untrusted source could be\u003cbr\u003evulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThese functions are not called by OpenSSL itself on untrusted DSA keys so\u003cbr\u003eonly applications that directly call these functions may be vulnerable.\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL pkey and pkeyparam command line applications\u003cbr\u003ewhen using the `-check` option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue."
}
],
"value": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nThese functions are not called by OpenSSL itself on untrusted DSA keys so\nonly applications that directly call these functions may be vulnerable.\n\nAlso vulnerable are the OpenSSL pkey and pkeyparam command line applications\nwhen using the `-check` option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-606",
"description": "CWE-606 Unchecked Input for Loop Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T14:56:01.784Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20240516.txt"
},
{
"name": "3.0.14 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397"
},
{
"name": "3.1.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d"
},
{
"name": "3.2.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740"
},
{
"name": "3.3.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Excessive time spent checking DSA keys and parameters",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2024-4603",
"datePublished": "2024-05-16T15:21:20.050Z",
"dateReserved": "2024-05-07T11:44:02.196Z",
"dateUpdated": "2024-10-14T14:56:01.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4603\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2024-05-16T16:15:10.643\",\"lastModified\":\"2024-11-21T09:43:11.753\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: Checking excessively long DSA keys or parameters may be very\\nslow.\\n\\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\\nexperience long delays. Where the key or parameters that are being checked\\nhave been obtained from an untrusted source this may lead to a Denial of\\nService.\\n\\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\\nvarious checks on DSA parameters. Some of those computations take a long time\\nif the modulus (`p` parameter) is too large.\\n\\nTrying to use a very large modulus is slow and OpenSSL will not allow using\\npublic keys with a modulus which is over 10,000 bits in length for signature\\nverification. However the key and parameter check functions do not limit\\nthe modulus size when performing the checks.\\n\\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\\nand supplies a key or parameters obtained from an untrusted source could be\\nvulnerable to a Denial of Service attack.\\n\\nThese functions are not called by OpenSSL itself on untrusted DSA keys so\\nonly applications that directly call these functions may be vulnerable.\\n\\nAlso vulnerable are the OpenSSL pkey and pkeyparam command line applications\\nwhen using the `-check` option.\\n\\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\\n\\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\"},{\"lang\":\"es\",\"value\":\"Resumen del problema: la comprobaci\u00f3n de claves o par\u00e1metros DSA excesivamente largos puede resultar muy lenta. Resumen de impacto: las aplicaciones que utilizan las funciones EVP_PKEY_param_check() o EVP_PKEY_public_check() para comprobar una clave p\u00fablica de DSA o par\u00e1metros de DSA pueden experimentar grandes retrasos. Cuando la clave o los par\u00e1metros que se est\u00e1n verificando se obtuvieron de una fuente que no es confiable, esto puede dar lugar a una Denegaci\u00f3n de Servicio. Las funciones EVP_PKEY_param_check() o EVP_PKEY_public_check() realizan varias comprobaciones de los par\u00e1metros DSA. Algunos de esos c\u00e1lculos toman mucho tiempo si el m\u00f3dulo (par\u00e1metro `p`) es demasiado grande. Intentar utilizar un m\u00f3dulo muy grande es lento y OpenSSL no permitir\u00e1 el uso de claves p\u00fablicas con un m\u00f3dulo de m\u00e1s de 10.000 bits de longitud para la verificaci\u00f3n de firmas. Sin embargo, las funciones de verificaci\u00f3n de claves y par\u00e1metros no limitan el tama\u00f1o del m\u00f3dulo al realizar las verificaciones. Una aplicaci\u00f3n que llama a EVP_PKEY_param_check() o EVP_PKEY_public_check() y proporciona una clave o par\u00e1metros obtenidos de una fuente que no es de confianza podr\u00eda ser vulnerable a un ataque de denegaci\u00f3n de servicio. OpenSSL no llama a estas funciones en claves DSA que no son de confianza, por lo que solo las aplicaciones que llaman directamente a estas funciones pueden ser vulnerables. Tambi\u00e9n son vulnerables las aplicaciones de l\u00ednea de comandos OpenSSL pkey y pkeyparam cuando se usa la opci\u00f3n `-check`. La implementaci\u00f3n de OpenSSL SSL/TLS no se ve afectada por este problema. Los proveedores FIPS OpenSSL 3.0 y 3.1 se ven afectados por este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-606\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-834\"}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.openssl.org/news/secadv/20240516.txt\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/05/16/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssl.org/news/secadv/20240516.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
ghsa-85xr-ghj6-6m46
Vulnerability from github
Published
2024-05-16 18:30
Modified
2024-08-13 18:31
Severity ?
Details
Issue summary: Checking excessively long DSA keys or parameters may be very slow.
Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.
The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform
various checks on DSA parameters. Some of those computations take a long time
if the modulus (p parameter) is too large.
Trying to use a very large modulus is slow and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However the key and parameter check functions do not limit the modulus size when performing the checks.
An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.
These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable.
Also vulnerable are the OpenSSL pkey and pkeyparam command line applications
when using the -check option.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
{
"affected": [],
"aliases": [
"CVE-2024-4603"
],
"database_specific": {
"cwe_ids": [
"CWE-606",
"CWE-834"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-16T16:15:10Z",
"severity": "MODERATE"
},
"details": "Issue summary: Checking excessively long DSA keys or parameters may be very\nslow.\n\nImpact summary: Applications that use the functions EVP_PKEY_param_check()\nor EVP_PKEY_public_check() to check a DSA public key or DSA parameters may\nexperience long delays. Where the key or parameters that are being checked\nhave been obtained from an untrusted source this may lead to a Denial of\nService.\n\nThe functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform\nvarious checks on DSA parameters. Some of those computations take a long time\nif the modulus (`p` parameter) is too large.\n\nTrying to use a very large modulus is slow and OpenSSL will not allow using\npublic keys with a modulus which is over 10,000 bits in length for signature\nverification. However the key and parameter check functions do not limit\nthe modulus size when performing the checks.\n\nAn application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()\nand supplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nThese functions are not called by OpenSSL itself on untrusted DSA keys so\nonly applications that directly call these functions may be vulnerable.\n\nAlso vulnerable are the OpenSSL pkey and pkeyparam command line applications\nwhen using the `-check` option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
"id": "GHSA-85xr-ghj6-6m46",
"modified": "2024-08-13T18:31:13Z",
"published": "2024-05-16T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/9c39b3858091c152f52513c066ff2c5a47969f0d"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/da343d0605c826ef197aceedc67e8e04f065f740"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240621-0001"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20240516.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/05/16/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
wid-sec-w-2024-1171
Vulnerability from csaf_certbund
Published
2024-05-16 22:00
Modified
2024-11-20 23:00
Summary
OpenSSL: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Appliance
- Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Appliance\n- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1171 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1171.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1171 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1171"
},
{
"category": "external",
"summary": "OpenSSL Security Advisory 16th May 2024 vom 2024-05-16",
"url": "https://www.openssl.org/news/secadv/20240516.txt"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1789-1 vom 2024-05-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018603.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1947-1 vom 2024-06-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018663.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2066-1 vom 2024-06-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/FEPGR4PUJO7QAVC45W5LDGC6S6WWRFPY/"
},
{
"category": "external",
"summary": "Meinberg Security Advisory vom 2024-07-22",
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2024-04-lantime-firmware-v7-08-014.htm"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162032 vom 2024-07-31",
"url": "https://www.ibm.com/support/pages/node/7162032"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6937-1 vom 2024-07-31",
"url": "https://ubuntu.com/security/notices/USN-6937-1"
},
{
"category": "external",
"summary": "Securepoint UTM Changelog vom 2024-08-14",
"url": "https://wiki.securepoint.de/UTM/Changelog"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-013 vom 2024-09-05",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/09/Xerox-Security-Bulletin-XRX24-013-for-Xerox-FreeFlow-Print-Server-v2-_Windows10.pdf"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7173018 vom 2024-10-14",
"url": "https://www.ibm.com/support/pages/node/7173018"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9333 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9333"
},
{
"category": "external",
"summary": "Insyde Security Advisory INSYDE-SA-2024012 vom 2024-11-12",
"url": "https://www.insyde.com/security-pledge/SA-2024012"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2024-2588 vom 2024-11-12",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24990"
},
{
"category": "external",
"summary": "HPE Security Bulletin vom 2024-11-14",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04744en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10135 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:10135"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2024-11-20T23:00:00.000+00:00",
"generator": {
"date": "2024-11-21T13:14:48.736+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1171",
"initial_release_date": "2024-05-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-27T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Meinberg aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2024-10-13T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-12T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Insyde und BROCADE aufgenommen"
},
{
"date": "2024-11-14T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.0c",
"product": {
"name": "Broadcom Fabric OS \u003c9.2.0c",
"product_id": "T038914"
}
},
{
"category": "product_version",
"name": "9.2.0c",
"product": {
"name": "Broadcom Fabric OS 9.2.0c",
"product_id": "T038914-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:broadcom:fabric_operating_system:9.2.0c"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.1a1",
"product": {
"name": "Broadcom Fabric OS \u003c9.2.1a1",
"product_id": "T038915"
}
},
{
"category": "product_version",
"name": "9.2.1a1",
"product": {
"name": "Broadcom Fabric OS 9.2.1a1",
"product_id": "T038915-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:broadcom:fabric_operating_system:9.2.1a1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.2",
"product": {
"name": "Broadcom Fabric OS \u003c9.2.2",
"product_id": "T038916"
}
},
{
"category": "product_version",
"name": "9.2.2",
"product": {
"name": "Broadcom Fabric OS 9.2.2",
"product_id": "T038916-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:broadcom:fabric_operating_system:9.2.2"
}
}
}
],
"category": "product_name",
"name": "Fabric OS"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "OpenSSL Software \u003cA.03.00.15.001",
"product": {
"name": "HPE HP-UX OpenSSL Software \u003cA.03.00.15.001",
"product_id": "T039192"
}
},
{
"category": "product_version",
"name": "OpenSSL Software A.03.00.15.001",
"product": {
"name": "HPE HP-UX OpenSSL Software A.03.00.15.001",
"product_id": "T039192-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:hp:hp-ux:openssl_software__a.03.00.15.001"
}
}
}
],
"category": "product_name",
"name": "HP-UX"
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.0.27",
"product": {
"name": "IBM Rational Build Forge \u003c8.0.0.27",
"product_id": "T038286"
}
},
{
"category": "product_version",
"name": "8.0.0.27",
"product": {
"name": "IBM Rational Build Forge 8.0.0.27",
"product_id": "T038286-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.27"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
},
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cRV24.06.3",
"product": {
"name": "Insyde UEFI Firmware \u003cRV24.06.3",
"product_id": "T038993"
}
},
{
"category": "product_version",
"name": "RV24.06.3",
"product": {
"name": "Insyde UEFI Firmware RV24.06.3",
"product_id": "T038993-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:rv24.06.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003cRV23.08.1",
"product": {
"name": "Insyde UEFI Firmware \u003cRV23.08.1",
"product_id": "T038994"
}
},
{
"category": "product_version",
"name": "RV23.08.1",
"product": {
"name": "Insyde UEFI Firmware RV23.08.1",
"product_id": "T038994-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:rv23.08.1"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV7.08.014",
"product": {
"name": "Meinberg LANTIME \u003cV7.08.014",
"product_id": "T036396"
}
},
{
"category": "product_version",
"name": "V7.08.014",
"product": {
"name": "Meinberg LANTIME V7.08.014",
"product_id": "T036396-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:v7.08.014"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "Open Source OpenSSL 3.1",
"product_id": "T028638",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.1"
}
}
},
{
"category": "product_version",
"name": "3",
"product": {
"name": "Open Source OpenSSL 3.0",
"product_id": "T030963",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0"
}
}
},
{
"category": "product_version",
"name": "3.0 FIPS",
"product": {
"name": "Open Source OpenSSL 3.0 FIPS",
"product_id": "T034876",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0::fips"
}
}
},
{
"category": "product_version",
"name": "3.1 FIPS",
"product": {
"name": "Open Source OpenSSL 3.1 FIPS",
"product_id": "T034877",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.1::fips"
}
}
},
{
"category": "product_version",
"name": "3.2",
"product": {
"name": "Open Source OpenSSL 3.2",
"product_id": "T034878",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.2"
}
}
},
{
"category": "product_version",
"name": "3.3",
"product": {
"name": "Open Source OpenSSL 3.3",
"product_id": "T034879",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.3"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.7.2",
"product": {
"name": "Securepoint UTM \u003c12.7.2",
"product_id": "T036885"
}
},
{
"category": "product_version",
"name": "12.7.2",
"product": {
"name": "Securepoint UTM 12.7.2",
"product_id": "T036885-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:securepoint:unified_threat_management:12.7.2"
}
}
}
],
"category": "product_name",
"name": "UTM"
}
],
"category": "vendor",
"name": "Securepoint"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server",
"product": {
"name": "Xerox FreeFlow Print Server",
"product_id": "T010509",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:-"
}
}
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-4603",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in OpenSSL. Dies betrifft Anwendungen, die \u00f6ffentliche DSA-Schl\u00fcssel oder -Parameter mit den Funktionen \"EVP_PKEY_param_check()\" oder \"EVP_PKEY_public_check()\" validieren. Wenn der DSA Modulus (\"p\")-Parameter zu gro\u00df ist, dauern bestimmte Validierungen sehr lange und verz\u00f6gern die aufrufende Anwendung. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um mit speziell gestalteten DSA-Schl\u00fcsseln einen Denial of Service-Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T034877",
"T038916",
"T034876",
"T038915",
"T030963",
"67646",
"434967",
"T034879",
"T038914",
"T034878",
"1039165",
"1522854",
"T036885",
"T036396",
"T038994",
"T038993",
"1139691",
"T038286",
"T002207",
"T039192",
"T000126",
"T028638",
"T010509"
]
},
"release_date": "2024-05-16T22:00:00.000+00:00",
"title": "CVE-2024-4603"
}
]
}
wid-sec-w-2024-1645
Vulnerability from csaf_certbund
Published
2024-07-16 22:00
Modified
2024-07-16 22:00
Summary
Oracle Database Server: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Oracle Datenbank ist ein weit verbreitetes relationales Datenbanksystem.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Database Server ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1645 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1645.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1645 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1645"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Database Server vom 2024-07-16",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixDB"
}
],
"source_lang": "en-US",
"title": "Oracle Database Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-07-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:11:28.160+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1645",
"initial_release_date": "2024-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "23.4",
"product": {
"name": "Oracle Database Server 23.4",
"product_id": "T036180",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:database_server:23.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=19.23",
"product": {
"name": "Oracle Database Server \u003c=19.23",
"product_id": "T036181"
}
},
{
"category": "product_version_range",
"name": "\u003c=21.14",
"product": {
"name": "Oracle Database Server \u003c=21.14",
"product_id": "T036182"
}
}
],
"category": "product_name",
"name": "Database Server"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41881",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036180"
],
"last_affected": [
"T036182",
"T036181"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2024-0397",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036180"
],
"last_affected": [
"T036182",
"T036181"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-21098",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036180"
],
"last_affected": [
"T036182",
"T036181"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21098"
},
{
"cve": "CVE-2024-21123",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036180"
],
"last_affected": [
"T036182",
"T036181"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21123"
},
{
"cve": "CVE-2024-21126",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036180"
],
"last_affected": [
"T036182",
"T036181"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21126"
},
{
"cve": "CVE-2024-21174",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036180"
],
"last_affected": [
"T036182",
"T036181"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21174"
},
{
"cve": "CVE-2024-21184",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036180"
],
"last_affected": [
"T036182",
"T036181"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-21184"
},
{
"cve": "CVE-2024-4603",
"notes": [
{
"category": "description",
"text": "In Oracle Database Server existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036180"
],
"last_affected": [
"T036182",
"T036181"
]
},
"release_date": "2024-07-16T22:00:00.000+00:00",
"title": "CVE-2024-4603"
}
]
}
wid-sec-w-2024-2112
Vulnerability from csaf_certbund
Published
2024-09-10 22:00
Modified
2024-09-10 22:00
Summary
Insyde UEFI Firmware: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
InsydeH2O UEFI BIOS ist eine proprietäre, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterstützt.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Insyde UEFI Firmware ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- BIOS/Firmware
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "InsydeH2O UEFI BIOS ist eine propriet\u00e4re, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Insyde UEFI Firmware ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2112 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2112.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2112 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2112"
},
{
"category": "external",
"summary": "Insyde Security Pledge INSYDE-SA-2024009 vom 2024-09-10",
"url": "https://www.insyde.com/security-pledge/SA-2024009"
}
],
"source_lang": "en-US",
"title": "Insyde UEFI Firmware: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2024-09-10T22:00:00.000+00:00",
"generator": {
"date": "2024-09-11T09:40:00.857+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2024-2112",
"initial_release_date": "2024-09-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "OpenSSL \u003c3.2.1",
"product": {
"name": "Insyde UEFI Firmware OpenSSL \u003c3.2.1",
"product_id": "T037494"
}
},
{
"category": "product_version",
"name": "OpenSSL 3.2.1",
"product": {
"name": "Insyde UEFI Firmware OpenSSL 3.2.1",
"product_id": "T037494-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:openssl__3.2.1"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5678",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der Insyde UEFI Firmware. Diese Fehler existieren in der OpenSSL-Komponente wegen mehrerer Puffer\u00fcberlaufprobleme. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um den Dienst zu beenden und einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T037494"
]
},
"release_date": "2024-09-10T22:00:00.000+00:00",
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2024-0727",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der Insyde UEFI Firmware. Diese Fehler existieren in der OpenSSL-Komponente wegen mehrerer Puffer\u00fcberlaufprobleme. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um den Dienst zu beenden und einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T037494"
]
},
"release_date": "2024-09-10T22:00:00.000+00:00",
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-2511",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der Insyde UEFI Firmware. Diese Fehler existieren in der OpenSSL-Komponente wegen mehrerer Puffer\u00fcberlaufprobleme. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um den Dienst zu beenden und einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T037494"
]
},
"release_date": "2024-09-10T22:00:00.000+00:00",
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-4603",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der Insyde UEFI Firmware. Diese Fehler existieren in der OpenSSL-Komponente wegen mehrerer Puffer\u00fcberlaufprobleme. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um den Dienst zu beenden und einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T037494"
]
},
"release_date": "2024-09-10T22:00:00.000+00:00",
"title": "CVE-2024-4603"
},
{
"cve": "CVE-2024-4741",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der Insyde UEFI Firmware. Diese Fehler existieren in der OpenSSL-Komponente wegen mehrerer Puffer\u00fcberlaufprobleme. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um den Dienst zu beenden und einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T037494"
]
},
"release_date": "2024-09-10T22:00:00.000+00:00",
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5535",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in der Insyde UEFI Firmware. Diese Fehler existieren in der OpenSSL-Komponente wegen mehrerer Puffer\u00fcberlaufprobleme. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um den Dienst zu beenden und einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T037494"
]
},
"release_date": "2024-09-10T22:00:00.000+00:00",
"title": "CVE-2024-5535"
}
]
}
wid-sec-w-2024-3195
Vulnerability from csaf_certbund
Published
2024-10-15 22:00
Modified
2024-10-15 22:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3195 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3195.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3195 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3195"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Communications vom 2024-10-15",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixCGBU"
}
],
"source_lang": "en-US",
"title": "Oracle Communications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-10-15T22:00:00.000+00:00",
"generator": {
"date": "2024-10-16T10:12:35.400+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3195",
"initial_release_date": "2024-10-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9.1.1.3.0",
"product": {
"name": "Oracle Communications 9.1.1.3.0",
"product_id": "T027333",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.1.1.3.0"
}
}
},
{
"category": "product_version",
"name": "12.6.1.0.0",
"product": {
"name": "Oracle Communications 12.6.1.0.0",
"product_id": "T027338",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.6.1.0.0"
}
}
},
{
"category": "product_version",
"name": "5.1",
"product": {
"name": "Oracle Communications 5.1",
"product_id": "T028684",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.1"
}
}
},
{
"category": "product_version",
"name": "15.0.0.0.0",
"product": {
"name": "Oracle Communications 15.0.0.0.0",
"product_id": "T032090",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:15.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "23.4.0",
"product": {
"name": "Oracle Communications 23.4.0",
"product_id": "T032091",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.0"
}
}
},
{
"category": "product_version",
"name": "23.4.2",
"product": {
"name": "Oracle Communications 23.4.2",
"product_id": "T034144",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.2"
}
}
},
{
"category": "product_version",
"name": "24.1.0",
"product": {
"name": "Oracle Communications 24.1.0",
"product_id": "T034145",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.0"
}
}
},
{
"category": "product_version",
"name": "5.2",
"product": {
"name": "Oracle Communications 5.2",
"product_id": "T034146",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.2"
}
}
},
{
"category": "product_version",
"name": "24.1.0.0.0",
"product": {
"name": "Oracle Communications 24.1.0.0.0",
"product_id": "T034147",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.0.0.0"
}
}
},
{
"category": "product_version",
"name": "23.4.3",
"product": {
"name": "Oracle Communications 23.4.3",
"product_id": "T036195",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.3"
}
}
},
{
"category": "product_version",
"name": "23.4.4",
"product": {
"name": "Oracle Communications 23.4.4",
"product_id": "T036196",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.4.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=24.2.0",
"product": {
"name": "Oracle Communications \u003c=24.2.0",
"product_id": "T036197"
}
},
{
"category": "product_version_range",
"name": "\u003c=24.2.0",
"product": {
"name": "Oracle Communications \u003c=24.2.0",
"product_id": "T036197-fixed"
}
},
{
"category": "product_version",
"name": "4.1.0",
"product": {
"name": "Oracle Communications 4.1.0",
"product_id": "T036205",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.1.0"
}
}
},
{
"category": "product_version",
"name": "4.2.0",
"product": {
"name": "Oracle Communications 4.2.0",
"product_id": "T036206",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.2.0"
}
}
},
{
"category": "product_version",
"name": "9.2.0",
"product": {
"name": "Oracle Communications 9.2.0",
"product_id": "T036207",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.2.0"
}
}
},
{
"category": "product_version",
"name": "9.3.0",
"product": {
"name": "Oracle Communications 9.3.0",
"product_id": "T036208",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.3.0"
}
}
},
{
"category": "product_version",
"name": "12.11.0",
"product": {
"name": "Oracle Communications 12.11.0",
"product_id": "T036209",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.11.0"
}
}
},
{
"category": "product_version",
"name": "9.0.1.10.0",
"product": {
"name": "Oracle Communications 9.0.1.10.0",
"product_id": "T038373",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.0.1.10.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.5",
"product": {
"name": "Oracle Communications \u003c=23.4.5",
"product_id": "T038375"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.5",
"product": {
"name": "Oracle Communications \u003c=23.4.5",
"product_id": "T038375-fixed"
}
},
{
"category": "product_version",
"name": "24.2.1",
"product": {
"name": "Oracle Communications 24.2.1",
"product_id": "T038376",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.2.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.6",
"product": {
"name": "Oracle Communications \u003c=23.4.6",
"product_id": "T038377"
}
},
{
"category": "product_version_range",
"name": "\u003c=23.4.6",
"product": {
"name": "Oracle Communications \u003c=23.4.6",
"product_id": "T038377-fixed"
}
},
{
"category": "product_version",
"name": "24.1.1",
"product": {
"name": "Oracle Communications 24.1.1",
"product_id": "T038378",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.1.1"
}
}
},
{
"category": "product_version",
"name": "24.2.2",
"product": {
"name": "Oracle Communications 24.2.2",
"product_id": "T038379",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:24.2.2"
}
}
},
{
"category": "product_version",
"name": "9.1.5",
"product": {
"name": "Oracle Communications 9.1.5",
"product_id": "T038380",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.1.5"
}
}
},
{
"category": "product_version",
"name": "9.1.0",
"product": {
"name": "Oracle Communications 9.1.0",
"product_id": "T038381",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.1.0"
}
}
},
{
"category": "product_version",
"name": "14",
"product": {
"name": "Oracle Communications 14.0",
"product_id": "T038382",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:14.0"
}
}
},
{
"category": "product_version",
"name": "9.1.1.9.0",
"product": {
"name": "Oracle Communications 9.1.1.9.0",
"product_id": "T038383",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.1.1.9.0"
}
}
},
{
"category": "product_version",
"name": "14.0.0.1",
"product": {
"name": "Oracle Communications 14.0.0.1",
"product_id": "T038384",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:14.0.0.1"
}
}
},
{
"category": "product_version",
"name": "17.0.1",
"product": {
"name": "Oracle Communications 17.0.1",
"product_id": "T038385",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:17.0.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.4.0.4",
"product": {
"name": "Oracle Communications \u003c10.4.0.4",
"product_id": "T038386"
}
},
{
"category": "product_version",
"name": "10.4.0.4",
"product": {
"name": "Oracle Communications 10.4.0.4",
"product_id": "T038386-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:10.4.0.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=9.1.1.8.0",
"product": {
"name": "Oracle Communications \u003c=9.1.1.8.0",
"product_id": "T038426"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.1.1.8.0",
"product": {
"name": "Oracle Communications \u003c=9.1.1.8.0",
"product_id": "T038426-fixed"
}
}
],
"category": "product_name",
"name": "Communications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2068",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2022-2068"
},
{
"cve": "CVE-2022-23437",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2022-23437"
},
{
"cve": "CVE-2022-2601",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2022-2601"
},
{
"cve": "CVE-2022-36760",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2022-36760"
},
{
"cve": "CVE-2023-2953",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-2953"
},
{
"cve": "CVE-2023-3635",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-3635"
},
{
"cve": "CVE-2023-38408",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-38408"
},
{
"cve": "CVE-2023-4043",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-4043"
},
{
"cve": "CVE-2023-46136",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-46136"
},
{
"cve": "CVE-2023-48795",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51775",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-5685",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-5685"
},
{
"cve": "CVE-2023-6597",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-6597"
},
{
"cve": "CVE-2023-6816",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2023-6816"
},
{
"cve": "CVE-2024-0450",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-22020",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-22020"
},
{
"cve": "CVE-2024-22257",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23672",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-2398",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-25062",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-25638",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-25638"
},
{
"cve": "CVE-2024-26308",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-28182",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28849",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29736",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-29736"
},
{
"cve": "CVE-2024-29857",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-29857"
},
{
"cve": "CVE-2024-30251",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-30251"
},
{
"cve": "CVE-2024-31080",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-31080"
},
{
"cve": "CVE-2024-31744",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-31744"
},
{
"cve": "CVE-2024-32760",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-32760"
},
{
"cve": "CVE-2024-33602",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-34750",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-37371",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-37371"
},
{
"cve": "CVE-2024-37891",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38816",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-38816"
},
{
"cve": "CVE-2024-40898",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-40898"
},
{
"cve": "CVE-2024-43044",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-43044"
},
{
"cve": "CVE-2024-45492",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-4577",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-4577"
},
{
"cve": "CVE-2024-4603",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-4603"
},
{
"cve": "CVE-2024-5971",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-5971"
},
{
"cve": "CVE-2024-6162",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-6162"
},
{
"cve": "CVE-2024-6387",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-7254",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T036209",
"T036205",
"T036206",
"T036207",
"T036208",
"T034147",
"T038386",
"T034146",
"T034145",
"T034144",
"T038382",
"T038383",
"T038384",
"T038385",
"T038380",
"T038381",
"T027338",
"T027333",
"T028684",
"T038379",
"T038376",
"T038378",
"T036195",
"T038373",
"T036196",
"T032090",
"T032091"
],
"last_affected": [
"T038426",
"T036197",
"T038375",
"T038377"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-7254"
}
]
}
icsa-24-319-06
Vulnerability from csaf_cisa
Published
2024-11-12 00:00
Modified
2024-11-12 00:00
Summary
Siemens SCALANCE M-800 Family
Notes
Summary
SCALANCE M-800 family before V8.2 is affected by multiple vulnerabilities.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SCALANCE M-800 family before V8.2 is affected by multiple vulnerabilities.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-354112: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-354112.json"
},
{
"category": "self",
"summary": "SSA-354112: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-319-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-319-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-319-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SCALANCE M-800 Family",
"tracking": {
"current_release_date": "2024-11-12T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-319-06",
"initial_release_date": "2024-11-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-11-12T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6GK6108-4AM00-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6GK6108-4AM00-2DA2"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M804PB (6GK5804-0AP00-2AA2)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6GK5804-0AP00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M804PB (6GK5804-0AP00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6GK5812-1AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6GK5812-1BA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6GK5816-1AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6GK5816-1BA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6GK5826-2AB00-2AB2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M874-2 (6GK5874-2AA00-2AA2)",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6GK5874-2AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M874-2 (6GK5874-2AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6GK5874-3AA00-2FA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M874-3 (6GK5874-3AA00-2AA2)",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6GK5874-3AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M874-3 (6GK5874-3AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-3 (6GK5876-3AA02-2BA2)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6GK5876-3AA02-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-3 (6GK5876-3AA02-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6GK5876-3AA02-2EA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-4 (6GK5876-4AA10-2BA2)",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"model_numbers": [
"6GK5876-4AA10-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (6GK5876-4AA10-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"model_numbers": [
"6GK5876-4AA00-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"model_numbers": [
"6GK5876-4AA00-2DA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"model_numbers": [
"6GK5853-2EA10-2AA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"model_numbers": [
"6GK5853-2EA10-2BA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"model_numbers": [
"6GK5853-2EA00-2DA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA10-3AA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)",
"product_id": "CSAFPID-0021",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA10-3BA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)",
"product_id": "CSAFPID-0022",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA00-3FA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)",
"product_id": "CSAFPID-0023",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA00-3DA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)",
"product_id": "CSAFPID-0024",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA00-3AA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)",
"product_id": "CSAFPID-0025",
"product_identification_helper": {
"model_numbers": [
"6GK5615-0AA01-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)",
"product_id": "CSAFPID-0026",
"product_identification_helper": {
"model_numbers": [
"6GK5615-0AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3506",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2021-3506"
},
{
"cve": "CVE-2023-28450",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2023-28450"
},
{
"cve": "CVE-2023-49441",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2023-49441"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions\r\nImpact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-4603",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. Some of those computations take a long time if the modulus (`p` parameter) is too large. Trying to use a very large modulus is slow and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However the key and parameter check functions do not limit the modulus size when performing the checks. An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable. Also vulnerable are the OpenSSL pkey and pkeyparam command line applications when using the `-check` option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-4603"
},
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5594",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"notes": [
{
"category": "summary",
"text": "control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-5594"
},
{
"cve": "CVE-2024-26306",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-26306"
},
{
"cve": "CVE-2024-26925",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-26925"
},
{
"cve": "CVE-2024-28882",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-28882"
},
{
"cve": "CVE-2024-50557",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-50557"
},
{
"cve": "CVE-2024-50558",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "Affected devices improperly manage access control for read-only users. This could allow an attacker to cause a temporary denial of service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-50558"
},
{
"cve": "CVE-2024-50559",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly validate the filenames of the certificate. This could allow an authenticated remote attacker to append arbitrary values which will lead to compromise of integrity of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-50559"
},
{
"cve": "CVE-2024-50560",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-50560"
},
{
"cve": "CVE-2024-50561",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise of integrity of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-50561"
},
{
"cve": "CVE-2024-50572",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0010",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026"
]
}
],
"title": "CVE-2024-50572"
}
]
}
rhsa-2024_9333
Vulnerability from csaf_redhat
Published
2024-11-12 09:22
Modified
2024-12-04 11:54
Summary
Red Hat Security Advisory: openssl and openssl-fips-provider security update
Notes
Topic
An update for openssl and openssl-fips-provider is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)
* openssl: Excessive time spent checking DSA keys and parameters (CVE-2024-4603)
* openssl: Use After Free with SSL_free_buffers (CVE-2024-4741)
* openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openssl and openssl-fips-provider is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)\n\n* openssl: Excessive time spent checking DSA keys and parameters (CVE-2024-4603)\n\n* openssl: Use After Free with SSL_free_buffers (CVE-2024-4741)\n\n* openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9333",
"url": "https://access.redhat.com/errata/RHSA-2024:9333"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "2274020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274020"
},
{
"category": "external",
"summary": "2281029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281029"
},
{
"category": "external",
"summary": "2283757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283757"
},
{
"category": "external",
"summary": "2294581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581"
},
{
"category": "external",
"summary": "RHEL-26271",
"url": "https://issues.redhat.com/browse/RHEL-26271"
},
{
"category": "external",
"summary": "RHEL-32123",
"url": "https://issues.redhat.com/browse/RHEL-32123"
},
{
"category": "external",
"summary": "RHEL-38514",
"url": "https://issues.redhat.com/browse/RHEL-38514"
},
{
"category": "external",
"summary": "RHEL-40723",
"url": "https://issues.redhat.com/browse/RHEL-40723"
},
{
"category": "external",
"summary": "RHEL-58662",
"url": "https://issues.redhat.com/browse/RHEL-58662"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9333.json"
}
],
"title": "Red Hat Security Advisory: openssl and openssl-fips-provider security update",
"tracking": {
"current_release_date": "2024-12-04T11:54:26+00:00",
"generator": {
"date": "2024-12-04T11:54:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:9333",
"initial_release_date": "2024-11-12T09:22:03+00:00",
"revision_history": [
{
"date": "2024-11-12T09:22:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-12T09:22:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-04T11:54:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.2.2-6.el9_5.src",
"product": {
"name": "openssl-1:3.2.2-6.el9_5.src",
"product_id": "openssl-1:3.2.2-6.el9_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.src",
"product": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.src",
"product_id": "openssl-fips-provider-0:3.0.7-6.el9_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.2.2-6.el9_5.aarch64",
"product": {
"name": "openssl-1:3.2.2-6.el9_5.aarch64",
"product_id": "openssl-1:3.2.2-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-6.el9_5.aarch64",
"product": {
"name": "openssl-libs-1:3.2.2-6.el9_5.aarch64",
"product_id": "openssl-libs-1:3.2.2-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"product": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"product_id": "openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-6.el9_5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"product": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"product_id": "openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-6.el9_5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"product_id": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-6.el9_5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-6.el9_5.aarch64",
"product": {
"name": "openssl-devel-1:3.2.2-6.el9_5.aarch64",
"product_id": "openssl-devel-1:3.2.2-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-6.el9_5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-6.el9_5.aarch64",
"product": {
"name": "openssl-perl-1:3.2.2-6.el9_5.aarch64",
"product_id": "openssl-perl-1:3.2.2-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-6.el9_5?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"product_id": "openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"product_id": "openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-6.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-6.el9_5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.2.2-6.el9_5.ppc64le",
"product": {
"name": "openssl-1:3.2.2-6.el9_5.ppc64le",
"product_id": "openssl-1:3.2.2-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"product": {
"name": "openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"product_id": "openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"product": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"product_id": "openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-6.el9_5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"product": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"product_id": "openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-6.el9_5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"product_id": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-6.el9_5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"product": {
"name": "openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"product_id": "openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-6.el9_5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"product": {
"name": "openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"product_id": "openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-6.el9_5?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"product": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"product_id": "openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"product_id": "openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-6.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-6.el9_5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.2.2-6.el9_5.x86_64",
"product": {
"name": "openssl-1:3.2.2-6.el9_5.x86_64",
"product_id": "openssl-1:3.2.2-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-6.el9_5.x86_64",
"product": {
"name": "openssl-libs-1:3.2.2-6.el9_5.x86_64",
"product_id": "openssl-libs-1:3.2.2-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"product": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"product_id": "openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-6.el9_5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"product": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"product_id": "openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-6.el9_5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"product_id": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-6.el9_5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-6.el9_5.x86_64",
"product": {
"name": "openssl-devel-1:3.2.2-6.el9_5.x86_64",
"product_id": "openssl-devel-1:3.2.2-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-6.el9_5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-6.el9_5.x86_64",
"product": {
"name": "openssl-perl-1:3.2.2-6.el9_5.x86_64",
"product_id": "openssl-perl-1:3.2.2-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-6.el9_5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"product": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"product_id": "openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"product_id": "openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-6.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-6.el9_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-6.el9_5.i686",
"product": {
"name": "openssl-libs-1:3.2.2-6.el9_5.i686",
"product_id": "openssl-libs-1:3.2.2-6.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-6.el9_5.i686",
"product": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.i686",
"product_id": "openssl-debugsource-1:3.2.2-6.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-6.el9_5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"product": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"product_id": "openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-6.el9_5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"product_id": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-6.el9_5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-6.el9_5.i686",
"product": {
"name": "openssl-devel-1:3.2.2-6.el9_5.i686",
"product_id": "openssl-devel-1:3.2.2-6.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-6.el9_5?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"product": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"product_id": "openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-6.el9_5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-6.el9_5?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "openssl-1:3.2.2-6.el9_5.s390x",
"product": {
"name": "openssl-1:3.2.2-6.el9_5.s390x",
"product_id": "openssl-1:3.2.2-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-1:3.2.2-6.el9_5.s390x",
"product": {
"name": "openssl-libs-1:3.2.2-6.el9_5.s390x",
"product_id": "openssl-libs-1:3.2.2-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"product": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"product_id": "openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debugsource@3.2.2-6.el9_5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"product": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"product_id": "openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-debuginfo@3.2.2-6.el9_5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"product": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"product_id": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-libs-debuginfo@3.2.2-6.el9_5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-devel-1:3.2.2-6.el9_5.s390x",
"product": {
"name": "openssl-devel-1:3.2.2-6.el9_5.s390x",
"product_id": "openssl-devel-1:3.2.2-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-devel@3.2.2-6.el9_5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-perl-1:3.2.2-6.el9_5.s390x",
"product": {
"name": "openssl-perl-1:3.2.2-6.el9_5.s390x",
"product_id": "openssl-perl-1:3.2.2-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-perl@3.2.2-6.el9_5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"product": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"product_id": "openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-6.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"product": {
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"product_id": "openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-6.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"product": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"product_id": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debugsource@3.0.7-6.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"product": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"product_id": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openssl-fips-provider-so-debuginfo@3.0.7-6.el9_5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.src",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-perl-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-perl-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-perl-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.src",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debuginfo-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-debugsource-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-devel-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-devel-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686"
},
"product_reference": "openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le"
},
"product_reference": "openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x"
},
"product_reference": "openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src"
},
"product_reference": "openssl-fips-provider-0:3.0.7-6.el9_5.src",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-0:3.0.7-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64"
},
"product_reference": "openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64"
},
"product_reference": "openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64"
},
"product_reference": "openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64"
},
"product_reference": "openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-libs-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-6.el9_5.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64"
},
"product_reference": "openssl-perl-1:3.2.2-6.el9_5.aarch64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-6.el9_5.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le"
},
"product_reference": "openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-6.el9_5.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x"
},
"product_reference": "openssl-perl-1:3.2.2-6.el9_5.s390x",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-perl-1:3.2.2-6.el9_5.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
},
"product_reference": "openssl-perl-1:3.2.2-6.el9_5.x86_64",
"relates_to_product_reference": "BaseOS-9.5.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-04-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274020"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL\u0027s TLSv3.1 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Unbounded memory growth with session handling in TLSv1.3",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The OpenSSL version shipped with Red Hat Enterprise Linux 7 is not affected by this issue, as the version 1.0.2 does not contain the related bug.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
],
"known_not_affected": [
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-2511"
},
{
"category": "external",
"summary": "RHBZ#2274020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/vulnerabilities.html",
"url": "https://www.openssl.org/news/vulnerabilities.html"
}
],
"release_date": "2024-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-12T09:22:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9333"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Unbounded memory growth with session handling in TLSv1.3"
},
{
"cve": "CVE-2024-4603",
"discovery_date": "2024-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2281029"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.\u00a0 In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Excessive time spent checking DSA keys and parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Only OpenSSL 3.3, 3.2, 3.1 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
],
"known_not_affected": [
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4603"
},
{
"category": "external",
"summary": "RHBZ#2281029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281029"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4603"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20240516.txt",
"url": "https://www.openssl.org/news/secadv/20240516.txt"
}
],
"release_date": "2024-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-12T09:22:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9333"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Excessive time spent checking DSA keys and parameters"
},
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2283757"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Use After Free with SSL_free_buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat classifies this vulnerability as having a low impact because the affected function is infrequently used by applications. However, Red Hat includes this function in their regular packages, which is why the related components are listed as affected in the table below.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
],
"known_not_affected": [
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4741"
},
{
"category": "external",
"summary": "RHBZ#2283757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4741",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4741"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20240528.txt",
"url": "https://www.openssl.org/news/secadv/20240528.txt"
}
],
"release_date": "2024-05-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-12T09:22:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9333"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Use After Free with SSL_free_buffers"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2294581"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the \u0027no overlap\u0027 response in ALPN or uses the output as the opportunistic protocol in NPN.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: SSL_select_next_proto buffer overread",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The FIPS modules in versions 3.3, 3.2, 3.1, and 3.0 are not affected by this issue.\nThe packages shim and shim-unsigned-x64 are not impacted by this CVE, as the affected OpenSSL code path is not utilized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
],
"known_not_affected": [
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-5535"
},
{
"category": "external",
"summary": "RHBZ#2294581",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294581"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5535",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5535"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL"
}
],
"release_date": "2024-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-12T09:22:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9333"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-fips-provider-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debuginfo-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-fips-provider-so-debugsource-0:3.0.7-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"AppStream-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"AppStream-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.src",
"BaseOS-9.5.0.GA:openssl-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-debugsource-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-devel-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.i686",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-libs-debuginfo-1:3.2.2-6.el9_5.x86_64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.aarch64",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.ppc64le",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.s390x",
"BaseOS-9.5.0.GA:openssl-perl-1:3.2.2-6.el9_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: SSL_select_next_proto buffer overread"
}
]
}
ssa-354112
Vulnerability from csaf_siemens
Published
2024-11-12 00:00
Modified
2024-11-12 00:00
Summary
SSA-354112: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2
Notes
Summary
SCALANCE M-800 family before V8.2 is affected by multiple vulnerabilities.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SCALANCE M-800 family before V8.2 is affected by multiple vulnerabilities.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-354112: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
},
{
"category": "self",
"summary": "SSA-354112: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-354112.json"
}
],
"title": "SSA-354112: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2",
"tracking": {
"current_release_date": "2024-11-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-354112",
"initial_release_date": "2024-11-12T00:00:00Z",
"revision_history": [
{
"date": "2024-11-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6GK6108-4AM00-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)",
"product_id": "2",
"product_identification_helper": {
"model_numbers": [
"6GK6108-4AM00-2DA2"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M804PB (6GK5804-0AP00-2AA2)",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"6GK5804-0AP00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M804PB (6GK5804-0AP00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2)",
"product_id": "4",
"product_identification_helper": {
"model_numbers": [
"6GK5812-1AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2)",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"6GK5812-1BA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2)",
"product_id": "6",
"product_identification_helper": {
"model_numbers": [
"6GK5816-1AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2)",
"product_id": "7",
"product_identification_helper": {
"model_numbers": [
"6GK5816-1BA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)",
"product_id": "8",
"product_identification_helper": {
"model_numbers": [
"6GK5826-2AB00-2AB2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M874-2 (6GK5874-2AA00-2AA2)",
"product_id": "9",
"product_identification_helper": {
"model_numbers": [
"6GK5874-2AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M874-2 (6GK5874-2AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)",
"product_id": "10",
"product_identification_helper": {
"model_numbers": [
"6GK5874-3AA00-2FA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M874-3 (6GK5874-3AA00-2AA2)",
"product_id": "11",
"product_identification_helper": {
"model_numbers": [
"6GK5874-3AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M874-3 (6GK5874-3AA00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-3 (6GK5876-3AA02-2BA2)",
"product_id": "12",
"product_identification_helper": {
"model_numbers": [
"6GK5876-3AA02-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-3 (6GK5876-3AA02-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)",
"product_id": "13",
"product_identification_helper": {
"model_numbers": [
"6GK5876-3AA02-2EA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-4 (6GK5876-4AA10-2BA2)",
"product_id": "14",
"product_identification_helper": {
"model_numbers": [
"6GK5876-4AA10-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (6GK5876-4AA10-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)",
"product_id": "15",
"product_identification_helper": {
"model_numbers": [
"6GK5876-4AA00-2BA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)",
"product_id": "16",
"product_identification_helper": {
"model_numbers": [
"6GK5876-4AA00-2DA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)",
"product_id": "17",
"product_identification_helper": {
"model_numbers": [
"6GK5853-2EA10-2AA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)",
"product_id": "18",
"product_identification_helper": {
"model_numbers": [
"6GK5853-2EA10-2BA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)",
"product_id": "19",
"product_identification_helper": {
"model_numbers": [
"6GK5853-2EA00-2DA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)",
"product_id": "20",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA10-3AA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)",
"product_id": "21",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA10-3BA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)",
"product_id": "22",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA00-3FA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)",
"product_id": "23",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA00-3DA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)",
"product_id": "24",
"product_identification_helper": {
"model_numbers": [
"6GK5856-2EA00-3AA1"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)",
"product_id": "25",
"product_identification_helper": {
"model_numbers": [
"6GK5615-0AA01-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.2",
"product": {
"name": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)",
"product_id": "26",
"product_identification_helper": {
"model_numbers": [
"6GK5615-0AA00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3506",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2021-3506"
},
{
"cve": "CVE-2023-28450",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2023-28450"
},
{
"cve": "CVE-2023-49441",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2023-49441"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions\r\nImpact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-4603",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. Some of those computations take a long time if the modulus (`p` parameter) is too large. Trying to use a very large modulus is slow and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However the key and parameter check functions do not limit the modulus size when performing the checks. An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable. Also vulnerable are the OpenSSL pkey and pkeyparam command line applications when using the `-check` option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-4603"
},
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5594",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"notes": [
{
"category": "summary",
"text": "control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-5594"
},
{
"cve": "CVE-2024-26306",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-26306"
},
{
"cve": "CVE-2024-26925",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-26925"
},
{
"cve": "CVE-2024-28882",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-28882"
},
{
"cve": "CVE-2024-50557",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-50557"
},
{
"cve": "CVE-2024-50558",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "Affected devices improperly manage access control for read-only users. This could allow an attacker to cause a temporary denial of service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-50558"
},
{
"cve": "CVE-2024-50559",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly validate the filenames of the certificate. This could allow an authenticated remote attacker to append arbitrary values which will lead to compromise of integrity of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-50559"
},
{
"cve": "CVE-2024-50560",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-50560"
},
{
"cve": "CVE-2024-50561",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise of integrity of the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-50561"
},
{
"cve": "CVE-2024-50572",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V8.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109976047/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"11",
"10",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26"
]
}
],
"title": "CVE-2024-50572"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.