rhsa-2025:3543
Vulnerability from csaf_redhat
Published
2025-04-02 20:19
Modified
2025-04-08 13:09
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8.5 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) (CVE-2024-57699)
* io.smallrye/smallrye-fault-tolerance-core: SmallRye Fault Tolerance (CVE-2025-2240)
* spring-security-core: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length (CVE-2025-22228)
* io.netty/netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine (CVE-2025-24970)
* org.apache.camel/camel-http: bypass of header filters via specially crafted response (CVE-2025-27636)
* org.apache.camel/camel-http-base: bypass of header filters via specially crafted response (CVE-2025-27636)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) (CVE-2024-57699)\n\n* io.smallrye/smallrye-fault-tolerance-core: SmallRye Fault Tolerance (CVE-2025-2240)\n\n* spring-security-core: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length (CVE-2025-22228)\n\n* io.netty/netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine (CVE-2025-24970)\n\n* org.apache.camel/camel-http: bypass of header filters via specially crafted response (CVE-2025-27636)\n\n* org.apache.camel/camel-http-base: bypass of header filters via specially crafted response (CVE-2025-27636)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:3543", url: "https://access.redhat.com/errata/RHSA-2025:3543", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2344073", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2344073", }, { category: "external", summary: "2344787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2344787", }, { category: "external", summary: "2350682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2350682", }, { category: "external", summary: "2351452", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2351452", }, { category: "external", summary: "2353507", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2353507", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3543.json", }, ], title: "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8.5 for Spring Boot security update.", tracking: { current_release_date: "2025-04-08T13:09:34+00:00", generator: { date: "2025-04-08T13:09:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2025:3543", initial_release_date: "2025-04-02T20:19:22+00:00", revision_history: [ { date: "2025-04-02T20:19:22+00:00", number: "1", summary: "Initial version", }, { date: "2025-04-02T20:19:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-08T13:09:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apache Camel 4.8.5 for Spring Boot", product: { name: "Red Hat build of Apache Camel 4.8.5 for Spring Boot", product_id: "Red Hat build of Apache Camel 4.8.5 for Spring Boot", product_identification_helper: { cpe: "cpe:/a:redhat:apache_camel_spring_boot:4.8.5", }, }, }, ], category: "product_family", name: "Red Hat Build of Apache Camel", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-57699", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, discovery_date: "2025-02-05T22:01:26.352808+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2344073", }, ], notes: [ { category: "description", text: "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.", title: "Vulnerability description", }, { category: "summary", text: "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)", title: "Vulnerability summary", }, { category: "other", text: "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-57699", }, { category: "external", summary: "RHBZ#2344073", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2344073", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-57699", url: "https://www.cve.org/CVERecord?id=CVE-2024-57699", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-57699", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-57699", }, { category: "external", summary: "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699", url: "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/cve-2023-1370", url: "https://nvd.nist.gov/vuln/detail/cve-2023-1370", }, ], release_date: "2025-02-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-02T20:19:22+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3543", }, { category: "workaround", details: "Red Hat Product Security does not have a recommended mitigation at this time.", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)", }, { cve: "CVE-2025-2240", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2025-03-12T02:23:44.660000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2351452", }, ], notes: [ { category: "description", text: "A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.", title: "Vulnerability description", }, { category: "summary", text: "smallrye-fault-tolerance: SmallRye Fault Tolerance", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability allows a remote attacker to cause an out-of-memory issue when calling the metrics URI, resulting in a denial of service. As this flaw can be triggered via the network, it has been rated with an important severity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-2240", }, { category: "external", summary: "RHBZ#2351452", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2351452", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-2240", url: "https://www.cve.org/CVERecord?id=CVE-2025-2240", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-2240", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-2240", }, { category: "external", summary: "https://github.com/advisories/GHSA-gfh6-3pqw-x2j4", url: "https://github.com/advisories/GHSA-gfh6-3pqw-x2j4", }, ], release_date: "2025-03-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-02T20:19:22+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3543", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "smallrye-fault-tolerance: SmallRye Fault Tolerance", }, { cve: "CVE-2025-22228", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, discovery_date: "2025-03-20T06:00:45.196050+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2353507", }, ], notes: [ { category: "description", text: "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-22228", }, { category: "external", summary: "RHBZ#2353507", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2353507", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-22228", url: "https://www.cve.org/CVERecord?id=CVE-2025-22228", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-22228", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-22228", }, { category: "external", summary: "https://spring.io/security/cve-2025-22228", url: "https://spring.io/security/cve-2025-22228", }, ], release_date: "2025-03-20T05:49:19.275000+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-02T20:19:22+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3543", }, { category: "workaround", details: "Red Hat Product Security does not have a recommended mitigation at this time.", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length", }, { cve: "CVE-2025-24970", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2025-02-10T23:00:52.785132+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2344787", }, ], notes: [ { category: "description", text: "A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.", title: "Vulnerability description", }, { category: "summary", text: "io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Netty's SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-24970", }, { category: "external", summary: "RHBZ#2344787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2344787", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-24970", url: "https://www.cve.org/CVERecord?id=CVE-2025-24970", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-24970", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-24970", }, { category: "external", summary: "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4", url: "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw", url: "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw", }, ], release_date: "2025-02-10T21:57:28.730000+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-02T20:19:22+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3543", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine", }, { cve: "CVE-2025-27636", cwe: { id: "CWE-644", name: "Improper Neutralization of HTTP Headers for Scripting Syntax", }, discovery_date: "2025-03-07T18:53:28.136000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2350682", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Camel. This flaw allows an attacker to bypass filtering via a specially crafted request containing a certain combination of upper and lower case characters due to an issue in the default header filtering mechanism, which blocks headers starting with \"Camel\" or \"camel.\"", title: "Vulnerability description", }, { category: "summary", text: "camel-http: org.apache.camel: bypass of header filters via specially crafted response", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as having Moderate impact because it can only be triggered under certain configurations and does not enable complete takeover of the system. In order to be vulnerable, a system using the Apache Camel Framework must specifically be using the camel-bean component as a producer and the exchange is coming from a http-based consumer, such as HTTP component or platform-http. If exploitation occurs, an attacker could call other methods on that bean already in the classpath, but not from other arbitrary java beans, System.getenv, nor part of JDK itself.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2025-27636", }, { category: "external", summary: "RHBZ#2350682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2350682", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2025-27636", url: "https://www.cve.org/CVERecord?id=CVE-2025-27636", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2025-27636", url: "https://nvd.nist.gov/vuln/detail/CVE-2025-27636", }, { category: "external", summary: "https://github.com/apache/camel/commit/781491b446921341f87a13824be4f7b5063776fc", url: "https://github.com/apache/camel/commit/781491b446921341f87a13824be4f7b5063776fc", }, { category: "external", summary: "https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z", url: "https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z", }, ], release_date: "2025-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-04-02T20:19:22+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:3543", }, { category: "workaround", details: "Remove headers from your Camel routes; this can be accomplished in several ways, including globally or per route.", product_ids: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat build of Apache Camel 4.8.5 for Spring Boot", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "camel-http: org.apache.camel: bypass of header filters via specially crafted response", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.