Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-54091
Vulnerability from cvelistv5
Published
2024-12-10 13:54
Modified
2025-04-08 08:22
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Solid Edge SE2024 |
Version: 0 < V224.0 Update 12 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-54091", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T15:15:24.096235Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T17:17:59.464Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Solid Edge SE2024", vendor: "Siemens", versions: [ { lessThan: "V224.0 Update 12", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Solid Edge SE2025", vendor: "Siemens", versions: [ { lessThan: "V225.0 Update 3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format.\r\nThis could allow an attacker to execute code in the context of the current process.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-08T08:22:23.402Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-979056.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-672923.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-54091", datePublished: "2024-12-10T13:54:17.315Z", dateReserved: "2024-11-28T12:05:26.694Z", dateUpdated: "2025-04-08T08:22:23.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-54091\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2024-12-10T14:30:47.193\",\"lastModified\":\"2025-04-08T09:15:22.763\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format.\\r\\nThis could allow an attacker to execute code in the context of the current process.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en Parasolid V36.1 (todas las versiones anteriores a V36.1.225), Parasolid V37.0 (todas las versiones anteriores a V37.0.173) y Parasolid V37.1 (todas las versiones anteriores a V37.1.109). Las aplicaciones afectadas contienen una vulnerabilidad de escritura fuera de los límites al analizar archivos PAR especialmente manipulados. Esto podría permitir que un atacante ejecute código en el contexto del proceso actual.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-672923.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-979056.html\",\"source\":\"productcert@siemens.com\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-54091\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-10T15:15:24.096235Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-10T15:15:29.916Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Solid Edge SE2024\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V224.0 Update 12\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Solid Edge SE2025\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V225.0 Update 3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-979056.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-672923.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format.\\r\\nThis could allow an attacker to execute code in the context of the current process.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-04-08T08:22:23.402Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-54091\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T08:22:23.402Z\", \"dateReserved\": \"2024-11-28T12:05:26.694Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2024-12-10T13:54:17.315Z\", \"assignerShortName\": \"siemens\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
ghsa-h9pg-36c2-7xw9
Vulnerability from github
Published
2024-12-10 15:32
Modified
2025-04-08 09:31
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Details
A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173), Parasolid V37.1 (All versions < V37.1.109). The affected applications contain an out of bounds write vulnerability when parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
{ affected: [], aliases: [ "CVE-2024-54091", ], database_specific: { cwe_ids: [ "CWE-787", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2024-12-10T14:30:47Z", severity: "HIGH", }, details: "A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173), Parasolid V37.1 (All versions < V37.1.109). The affected applications contain an out of bounds write vulnerability when parsing specially crafted PAR files.\nThis could allow an attacker to execute code in the context of the current process.", id: "GHSA-h9pg-36c2-7xw9", modified: "2025-04-08T09:31:08Z", published: "2024-12-10T15:32:31Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-54091", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/html/ssa-672923.html", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/html/ssa-979056.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", type: "CVSS_V4", }, ], }
ncsc-2025-0106
Vulnerability from csaf_ncscnl
Published
2025-04-08 13:57
Modified
2025-04-08 13:57
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server en Solid Edge.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (root/admin rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Spoofing
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Dreigingsinformatie
Kans
medium
Schade
high
CWE-287
Improper Authentication
CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
CWE-606
Unchecked Input for Loop Condition
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-363
Race Condition Enabling Link Following
CWE-420
Unprotected Alternate Channel
CWE-684
Incorrect Provision of Specified Functionality
CWE-834
Excessive Iteration
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-319
Cleartext Transmission of Sensitive Information
CWE-354
Improper Validation of Integrity Check Value
CWE-325
Missing Cryptographic Step
CWE-404
Improper Resource Shutdown or Release
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-1390
Weak Authentication
CWE-204
Observable Response Discrepancy
CWE-15
External Control of System or Configuration Setting
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-653
Improper Isolation or Compartmentalization
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-620
Unverified Password Change
CWE-798
Use of Hard-coded Credentials
CWE-269
Improper Privilege Management
CWE-295
Improper Certificate Validation
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server en Solid Edge.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (root/admin rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Spoofing\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", title: "Interpretaties", }, { category: "description", text: "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "description", text: " ", title: "Dreigingsinformatie", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Authentication", title: "CWE-287", }, { category: "general", text: "Use of a Cryptographic Primitive with a Risky Implementation", title: "CWE-1240", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Race Condition Enabling Link Following", title: "CWE-363", }, { category: "general", text: "Unprotected Alternate Channel", title: "CWE-420", }, { category: "general", text: "Incorrect Provision of Specified Functionality", title: "CWE-684", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Weak Authentication", title: "CWE-1390", }, { category: "general", text: "Observable Response Discrepancy", title: "CWE-204", }, { category: "general", text: "External Control of System or Configuration Setting", title: "CWE-15", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Isolation or Compartmentalization", title: "CWE-653", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Unverified Password Change", title: "CWE-620", }, { category: "general", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-187636.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-277137.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-525431.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-634640.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-672923.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-725549.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-819629.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-874353.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-817234.pdf", }, ], title: "Kwetsbaarheden verholpen in Siemens producten", tracking: { current_release_date: "2025-04-08T13:57:11.959816Z", generator: { date: "2025-02-25T15:15:00Z", engine: { name: "V.A.", version: "1.0", }, }, id: "NCSC-2025-0106", initial_release_date: "2025-04-08T13:57:11.959816Z", revision_history: [ { date: "2025-04-08T13:57:11.959816Z", number: "1.0.0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.21.1-1-a", product: { name: "vers:unknown/<v1.21.1-1-a", product_id: "CSAFPID-2631845", }, }, ], category: "product_name", name: "Industrial Edge Own Device (IEOD)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.21.1-1", product: { name: "vers:unknown/<v1.21.1-1", product_id: "CSAFPID-2631844", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.21", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.20.2-1", product: { name: "vers:unknown/<v1.20.2-1", product_id: "CSAFPID-2631843", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.20", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631842", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.19", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631841", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.18", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631840", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.17", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.21.1-1", product: { name: "vers:unknown/<v1.21.1-1", product_id: "CSAFPID-2631839", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.21", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.20.2-1", product: { name: "vers:unknown/<v1.20.2-1", product_id: "CSAFPID-2631838", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.20", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631837", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.19", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631836", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.18", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631835", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.17", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631900", }, }, ], category: "product_name", name: "SENTRON 7KT PAC1260 Data Manager", }, { branches: [ { category: "product_version_range", name: "vers:unknown/4.0", product: { name: "vers:unknown/4.0", product_id: "CSAFPID-2632341", }, }, { category: "product_version_range", name: "vers:unknown/4.1", product: { name: "vers:unknown/4.1", product_id: "CSAFPID-2632342", }, }, { category: "product_version_range", name: "vers:unknown/4.2", product: { name: "vers:unknown/4.2", product_id: "CSAFPID-2632343", }, }, ], category: "product_name", name: "License Server", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v4.3", product: { name: "vers:unknown/<v4.3", product_id: "CSAFPID-2631790", }, }, ], category: "product_name", name: "Siemens License Server (SLS)", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:siemens/224.0 update 12", product: { name: "vers:siemens/224.0 update 12", product_id: "CSAFPID-2632460", }, }, { category: "product_version_range", name: "vers:siemens/225.0 update 3", product: { name: "vers:siemens/225.0 update 3", product_id: "CSAFPID-2632459", }, }, ], category: "product_name", name: "Solid Edge", }, { branches: [ { category: "product_version_range", name: "vers:siemens/v224.0 update 12", product: { name: "vers:siemens/v224.0 update 12", product_id: "CSAFPID-2632083", }, }, ], category: "product_name", name: "Solid_Edge_Se2024", }, { branches: [ { category: "product_version_range", name: "vers:siemens/2.0 sp1", product: { name: "vers:siemens/2.0 sp1", product_id: "CSAFPID-1211926", }, }, ], category: "product_name", name: "SINEC Network Management System", }, { branches: [ { category: "product_version_range", name: "vers:unknown/none", product: { name: "vers:unknown/none", product_id: "CSAFPID-2619361", }, }, ], category: "product_name", name: "Siemens Simatic S7-1500 Tm Mfp", }, { branches: [ { category: "product_version_range", name: "vers:unknown/>=3|<312", product: { name: "vers:unknown/>=3|<312", product_id: "CSAFPID-1209122", }, }, ], category: "product_name", name: "Siemens Telecontrol Server Basic", }, ], category: "product_family", name: "Siemens", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v224.0update12", product: { name: "vers:unknown/<v224.0update12", product_id: "CSAFPID-2631854", }, }, ], category: "product_name", name: "Solid Edge SE2024", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v225.0update3", product: { name: "vers:unknown/<v225.0update3", product_id: "CSAFPID-2631855", }, }, ], category: "product_name", name: "Solid Edge SE2025", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2.0.0", product: { name: "vers:unknown/<v2.0.0", product_id: "CSAFPID-1296722", }, }, ], category: "product_name", name: "SIMATIC CFU DIQ", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2.0", product: { name: "vers:unknown/<v2.0", product_id: "CSAFPID-2631923", }, }, { category: "product_version_range", name: "vers:unknown/<v2.0.0", product: { name: "vers:unknown/<v2.0.0", product_id: "CSAFPID-1296723", }, }, ], category: "product_name", name: "SIMATIC CFU PA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631924", }, }, ], category: "product_name", name: "SIMATIC ET 200AL IM 157-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631925", }, }, ], category: "product_name", name: "SIMATIC ET 200M IM 153-4 PN IO HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631926", }, }, ], category: "product_name", name: "SIMATIC ET 200M IM 153-4 PN IO ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631927", }, }, ], category: "product_name", name: "SIMATIC ET 200MP IM 155-5 PN BA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631928", }, }, ], category: "product_name", name: "SIMATIC ET 200MP IM 155-5 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631929", }, }, ], category: "product_name", name: "SIMATIC ET 200MP IM 155-5 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631932", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN FO", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631933", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631934", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN HS", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631935", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765658", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-8 PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765659", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-8F PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631856", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1510SP F-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631858", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1510SP-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631860", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1512SP F-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631862", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1512SP-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765660", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 MF HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631936", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN BA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.3", product: { name: "vers:unknown/<v1.3", product_id: "CSAFPID-2631937", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631938", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631939", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN HS", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631940", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631920", }, }, ], category: "product_name", name: "SIDOOR ATD430W", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631921", }, }, ], category: "product_name", name: "SIDOOR ATE530G COATED", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631922", }, }, ], category: "product_name", name: "SIDOOR ATE530S COATED", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631967", }, }, ], category: "product_name", name: "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631968", }, }, ], category: "product_name", name: "SIMOCODE pro V PROFINET", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631969", }, }, ], category: "product_name", name: "SINUMERIK 840D sl", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632004", }, }, ], category: "product_name", name: "SIWAREX WP231", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632005", }, }, ], category: "product_name", name: "SIWAREX WP241", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632006", }, }, ], category: "product_name", name: "SIWAREX WP251", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632007", }, }, ], category: "product_name", name: "SIWAREX WP521 ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632008", }, }, ], category: "product_name", name: "SIWAREX WP522 ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631966", }, }, ], category: "product_name", name: "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765690", }, }, ], category: "product_name", name: "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765691", }, }, ], category: "product_name", name: "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.3", product: { name: "vers:unknown/<v8.3", product_id: "CSAFPID-2459039", }, }, ], category: "product_name", name: "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631970", }, }, ], category: "product_name", name: "SIPLUS ET 200M IM 153-4 PN IO HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631971", }, }, ], category: "product_name", name: "SIPLUS ET 200M IM 153-4 PN IO ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631972", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631973", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631974", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631975", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765700", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM 151-8 PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765701", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM 151-8F PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631976", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM151-3 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631977", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM151-3 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1296980", }, }, ], category: "product_name", name: "SIPLUS ET 200SP CPU 1512SP F-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631978", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631979", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631980", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631981", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631982", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST BA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631983", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631984", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631985", }, }, ], category: "product_name", name: "SIPLUS HCS4200 CIM4210", }, { branches: [ { category: "product_version_range", name: "vers:unknown/10.16.0", product: { name: "vers:unknown/10.16.0", product_id: "CSAFPID-2632402", }, }, ], category: "product_name", name: "Mendix Runtime", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v10.21.0", product: { name: "vers:unknown/<v10.21.0", product_id: "CSAFPID-2631802", }, }, ], category: "product_name", name: "Mendix Runtime V10", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631803", }, }, ], category: "product_name", name: "Mendix Runtime V10.12", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631804", }, }, ], category: "product_name", name: "Mendix Runtime V10.18", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631805", }, }, ], category: "product_name", name: "Mendix Runtime V10.6", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1296837", }, }, ], category: "product_name", name: "Mendix Runtime V8", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v9.24.34", product: { name: "vers:unknown/<v9.24.34", product_id: "CSAFPID-2631806", }, }, ], category: "product_name", name: "Mendix Runtime V9", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2022-21658", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "other", text: "Race Condition Enabling Link Following", title: "CWE-363", }, { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2022-21658", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-21658.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2022-21658", }, { cve: "CVE-2023-2975", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "other", text: "Improper Authentication", title: "CWE-287", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-2975", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2975.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-2975", }, { cve: "CVE-2023-3446", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Use of a Cryptographic Primitive with a Risky Implementation", title: "CWE-1240", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-3446", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3446.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-3446", }, { cve: "CVE-2023-3817", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Use of a Cryptographic Primitive with a Risky Implementation", title: "CWE-1240", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-3817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-3817", }, { cve: "CVE-2023-4807", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-4807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4807.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-4807", }, { cve: "CVE-2023-5363", cwe: { id: "CWE-325", name: "Missing Cryptographic Step", }, notes: [ { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Incorrect Provision of Specified Functionality", title: "CWE-684", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-5363", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5363.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-5363", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-5678", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json", }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-7104", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-7104", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-7104", }, { cve: "CVE-2024-0056", cwe: { id: "CWE-420", name: "Unprotected Alternate Channel", }, notes: [ { category: "other", text: "Unprotected Alternate Channel", title: "CWE-420", }, { category: "other", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-0056", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0056.json", }, ], scores: [ { cvss_v3: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-0056", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-0232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json", }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-0727", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-0727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-0727", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-9143", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-9143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json", }, ], title: "CVE-2024-9143", }, { cve: "CVE-2024-21319", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-21319", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21319.json", }, ], title: "CVE-2024-21319", }, { cve: "CVE-2024-23814", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-23814", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23814.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-23814", }, { cve: "CVE-2024-30105", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-30105", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30105.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-30105", }, { cve: "CVE-2024-41788", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41788", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41788.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41788", }, { cve: "CVE-2024-41789", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41789", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41789.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41789", }, { cve: "CVE-2024-41790", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41790", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41790.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41790", }, { cve: "CVE-2024-41791", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41791.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41791", }, { cve: "CVE-2024-41792", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41792", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41792.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41792", }, { cve: "CVE-2024-41793", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41793", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41793.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41793", }, { cve: "CVE-2024-41794", cwe: { id: "CWE-798", name: "Use of Hard-coded Credentials", }, notes: [ { category: "other", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41794", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41794.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41794", }, { cve: "CVE-2024-41795", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, notes: [ { category: "other", text: "Cross-Site Request Forgery (CSRF)", title: "CWE-352", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41795.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41795", }, { cve: "CVE-2024-41796", cwe: { id: "CWE-620", name: "Unverified Password Change", }, notes: [ { category: "other", text: "Unverified Password Change", title: "CWE-620", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41796", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41796.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41796", }, { cve: "CVE-2024-54091", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-54091", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54091.json", }, ], title: "CVE-2024-54091", }, { cve: "CVE-2024-54092", cwe: { id: "CWE-1390", name: "Weak Authentication", }, notes: [ { category: "other", text: "Weak Authentication", title: "CWE-1390", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-54092", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54092.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-54092", }, { cve: "CVE-2025-30280", cwe: { id: "CWE-204", name: "Observable Response Discrepancy", }, notes: [ { category: "other", text: "Observable Response Discrepancy", title: "CWE-204", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-30280", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30280.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-30280", }, { cve: "CVE-2025-1097", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-1097", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1097.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-1097", }, { cve: "CVE-2025-24514", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-24514", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24514.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-24514", }, { cve: "CVE-2025-24513", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-24513", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24513.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-24513", }, { cve: "CVE-2025-1974", cwe: { id: "CWE-653", name: "Improper Isolation or Compartmentalization", }, notes: [ { category: "other", text: "Improper Isolation or Compartmentalization", title: "CWE-653", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-1974", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1974.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-1974", }, { cve: "CVE-2025-1098", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-1098", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1098.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-1098", }, { cve: "CVE-2025-29999", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-29999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-29999.json", }, ], title: "CVE-2025-29999", }, { cve: "CVE-2025-30000", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-30000", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30000.json", }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-30000", }, ], }
fkie_cve-2024-54091
Vulnerability from fkie_nvd
Published
2024-12-10 14:30
Modified
2025-04-08 09:15
Severity ?
Summary
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format.
This could allow an attacker to execute code in the context of the current process.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format.\r\nThis could allow an attacker to execute code in the context of the current process.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en Parasolid V36.1 (todas las versiones anteriores a V36.1.225), Parasolid V37.0 (todas las versiones anteriores a V37.0.173) y Parasolid V37.1 (todas las versiones anteriores a V37.1.109). Las aplicaciones afectadas contienen una vulnerabilidad de escritura fuera de los límites al analizar archivos PAR especialmente manipulados. Esto podría permitir que un atacante ejecute código en el contexto del proceso actual.", }, ], id: "CVE-2024-54091", lastModified: "2025-04-08T09:15:22.763", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "productcert@siemens.com", type: "Secondary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "NONE", attackVector: "LOCAL", availabilityRequirement: "NOT_DEFINED", baseScore: 7.3, baseSeverity: "HIGH", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "PASSIVE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "productcert@siemens.com", type: "Secondary", }, ], }, published: "2024-12-10T14:30:47.193", references: [ { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/html/ssa-672923.html", }, { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/html/ssa-979056.html", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "productcert@siemens.com", type: "Secondary", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.