Vulnerabilites related to NetApp - 7-Mode Transition Tool
var-201601-0016
Vulnerability from variot
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. This issue is fixed in: Firefox 43.0.2 Firefox ESR 38.5.2 Network Security Services 3.20.2.
Gentoo Linux Security Advisory GLSA 201701-46
https://security.gentoo.org/
Severity: Normal Title: Mozilla Network Security Service (NSS): Multiple vulnerabilities Date: January 19, 2017 Bugs: #550288, #571086, #604916 ID: 201701-46
Synopsis
Multiple vulnerabilities have been found in NSS, the worst of which could allow remote attackers to obtain access to private key information.
Background
The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/nss < 3.28 >= 3.28
Description
Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NSS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.28"
References
[ 1 ] CVE-2015-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721 [ 2 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000 [ 3 ] CVE-2015-7575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575 [ 4 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 5 ] CVE-2016-5285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5285 [ 6 ] CVE-2016-8635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8635 [ 7 ] CVE-2016-9074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074 [ 8 ] SLOTH Attack Technical Paper http://www.mitls.org/pages/attacks/SLOTH
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-46
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--IaUA2rjNRE1qkoRse7wxSpqjKrtacOEtO--
.
More information can be found at https://www.mitls.org/pages/attacks/SLOTH
For the oldstable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u5. 7) - x86_64
- Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-2884-1 February 01, 2016
openjdk-7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenJDK 7.
Software Description: - openjdk-7: Open Source Java implementation
Details:
Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. (CVE-2016-0483, CVE-2016-0494)
A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2016-0402)
It was discovered that OpenJDK 7 incorrectly allowed MD5 to be used for TLS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to expose sensitive information. (CVE-2015-7575)
A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0448)
A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-0466)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.10.1 openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.10.1 openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.10.1 openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.10.1 openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.10.1
Ubuntu 15.04: icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.04.1 openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.04.1 openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.04.1 openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.04.1 openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.04.1
Ubuntu 14.04 LTS: icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.14.04.1
This update uses a new upstream release, which includes additional bug fixes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2016:0053-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0053.html Issue date: 2016-01-21 CVE Names: CVE-2015-4871 CVE-2015-7575 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 =====================================================================
- Summary:
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
- Description:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483)
An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494)
It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)
Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.
All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1273859 - CVE-2015-4871 OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries) 1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH) 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm
i386: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm
i386: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm
i386: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-4871 https://access.redhat.com/security/cve/CVE-2015-7575 https://access.redhat.com/security/cve/CVE-2016-0402 https://access.redhat.com/security/cve/CVE-2016-0448 https://access.redhat.com/security/cve/CVE-2016-0466 https://access.redhat.com/security/cve/CVE-2016-0483 https://access.redhat.com/security/cve/CVE-2016-0494 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWoM9KXlSAg2UNWIIRAqEwAJwN75xhk+4gvMxjiZkEfLqpUobNvACeLWha qzRinbbktNyylx3SPUV5yWA= =ZO8E -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)
Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue. (CVE-2015-7575)
Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. (CVE-2016-1523)
Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, and Randell Jesup discovered multiple memory safety issues in Thunderbird. (CVE-2016-1930)
Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "38.1.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "38.2.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "38.5.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.4.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "network security services",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.20.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.0.5"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.3.0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.5.0"
},
{
"model": "firefox",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "43.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.2.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.865"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.866"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.865"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.791"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6105"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.791"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6105"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.866"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.0.1"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.11"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.5"
},
{
"model": "purepower integrated manager service appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.22"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "tivoli netcool/omnibus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "ara",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.0"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "websphere real time sr8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "infosphere optim query workload tuner for db2 for luw",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.11"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.306"
},
{
"model": "infosphere optim query workload tuner for db2 for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "spss collaboration and deployment services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.4"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.4.2"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "watson explorer foundational components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.6"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.12"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.8"
},
{
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.3"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.12"
},
{
"model": "websphere real time",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.17"
},
{
"model": "sterling control center ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.21"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "oncommand shift",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37001.1"
},
{
"model": "websphere real time sr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "infosphere optim query workload tuner for db2 for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.11.3"
},
{
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.2"
},
{
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.20"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "36.0.3"
},
{
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.15"
},
{
"model": "sterling secure proxy ifix05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.8"
},
{
"model": "marketing platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.0"
},
{
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "domino fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.15"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.04"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50001.1"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "qradar siem",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.2"
},
{
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "35"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.5"
},
{
"model": "messagesight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.3"
},
{
"model": "rlks administration and reporting tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.6"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1200"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "37"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "infosphere biginsights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.00"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "tivoli system automation for multiplatforms",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.2"
},
{
"model": "tivoli storage manageroperations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2.300"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "27.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.17"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3"
},
{
"model": "marketing platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.1"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "system networking rackswitch g8316",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.0"
},
{
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.1"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.31"
},
{
"model": "watson explorer analytical components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0.0.2"
},
{
"model": "elastic storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.4"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.20"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"model": "websphere real time sr9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"model": "fabric manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.4"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.1104"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security access manager for web appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.12"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.116"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.1"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "algo one core",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9.1"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.10"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.27"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"model": "spss modeler if010",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.7"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.7"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "rlks lkad borrow tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.8"
},
{
"model": "control center ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1"
},
{
"model": "cognos business viewpoint fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "system networking rackswitch g8332",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.21.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.14"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "data studio client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.3"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.5"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.2"
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "rational synergy ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.3"
},
{
"model": "netezza diagnostics tools",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1.2"
},
{
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.8"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "operations analytics predictive insights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-1.3.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.4"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "sterling control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.10"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.7"
},
{
"model": "tivoli directory integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "system networking rackswitch g8124",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "15.0.0.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.4.0.7"
},
{
"model": "spss modeler fp1 if006",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.16"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.2"
},
{
"model": "cloud manager with openstack interim fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.0.4"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.5"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "oncommand api services",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.7.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "40.0.3"
},
{
"model": "integrated management module ii for bladecenter 1aoo70h-5.40",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.110"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.3"
},
{
"model": "rational publishing engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "ara",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.0.2"
},
{
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.9"
},
{
"model": "virtual fabric 10gb switch module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.8.23.0"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.5"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.213"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "g8264cs si fabric image",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "websphere message broker toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.17"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.11"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.4"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.10"
},
{
"model": "ccr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.51"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.2"
},
{
"model": "vasa provider for clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.28"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.19"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.6"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "websphere partner gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.3"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.3"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "watson explorer annotation administration console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0.0.2"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.2"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.12"
},
{
"model": "watson explorer foundational components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.4"
},
{
"model": "integrated management module ii for bladecenter 1aoo",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.4.1"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.0"
},
{
"model": "gpfs storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.6"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "security appscan source",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.3.2"
},
{
"model": "infosphere data architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.3"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.35"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.32"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.6"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "algo one core",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.12"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "websphere real time sr fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3920"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.16"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.32"
},
{
"model": "security identity governance and intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "websphere mq internet pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.01"
},
{
"model": "ftm for cps",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.1"
},
{
"model": "explorer for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.0.1"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.2.01"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "websphere real time",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "sterling secure proxy ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.6"
},
{
"model": "bigfix security compliance analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.2"
},
{
"model": "spss modeler fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.4"
},
{
"model": "security appscan source",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.71"
},
{
"model": "elastic storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.2"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "linux enterprise server sp4 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "35.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.5"
},
{
"model": "operations analytics predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-1.3.3"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.2"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1100"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.4"
},
{
"model": "si4093 image",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "16.0.0.2"
},
{
"model": "system networking rackswitch g8052",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.5.0"
},
{
"model": "websphere application server for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.14"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.6"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.5"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.14"
},
{
"model": "system networking rackswitch g8332",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.22.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "tivoli system automation for multiplatforms",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"model": "infosphere data architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.1"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.111"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.18"
},
{
"model": "websphere real time sr fp",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3930"
},
{
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7.0.1"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.4"
},
{
"model": "marketing platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0.9"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.12"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "37.0.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "fabric operating system 7.4.1a",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "15.0.0.3"
},
{
"model": "oncommand performance manager",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.15"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.3"
},
{
"model": "websphere partner gateway enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.3"
},
{
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.3"
},
{
"model": "ds8000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3"
},
{
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.0.2"
},
{
"model": "rlks administration agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.6"
},
{
"model": "tivoli composite application manager for soa",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "rlks lkad borrow tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "39.0.3"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "watson explorer foundational components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2-4"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35001.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.6"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.7"
},
{
"model": "integration toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.41"
},
{
"model": "flashsystem 9846-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "qradar siem",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.4"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.020"
},
{
"model": "bundle of g8264cs image",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.14.2"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.6"
},
{
"model": "cognos command center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.2"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.0"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.10"
},
{
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5.1"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.3"
},
{
"model": "security guardium data redaction",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.24"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.3.01"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "cognos command center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "security appscan source",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.4"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0.1"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.17"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.3"
},
{
"model": "ilog optimization decision manager enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.0.2"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.1.5"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.21"
},
{
"model": "watson explorer annotation administration console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0.0.2"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.6"
},
{
"model": "spss modeler fp3 if013",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "15"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.3"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.7"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.802"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.17.1"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "b-type san switches",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "spss modeler fp2 if001",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "16"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.2"
},
{
"model": "network security services",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.20.2"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.8"
},
{
"model": "plug-in for symantec netbackup",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "websphere mq internet pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.12"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"model": "purepower integrated manager kvm host",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.9"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.5.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.3.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.1"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.1"
},
{
"model": "system networking rackswitch g8264",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "security appscan source",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.1"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.404"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.12"
},
{
"model": "watson explorer foundational components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0.0.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.12"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "20.0.1"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.19"
},
{
"model": "db2 recovery expert for linux unix and windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.16"
},
{
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.01"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1000"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.4.1"
},
{
"model": "operations analytics predictive insights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-1.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"model": "db2 recovery expert for linux unix and windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "spss modeler fp3 if028",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "14.2"
},
{
"model": "security appscan source",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.2"
},
{
"model": "gpfs storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.19"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.8"
},
{
"model": "rlks administration and reporting tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.7"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "client application access",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "e-series/ef-series santricity management plug-ins",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "websphere partner gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.15"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.8"
},
{
"model": "elastic storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.2"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.11"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.4.2"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.3"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.88"
},
{
"model": "tivoli storage manager client management services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.200"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.11"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.5"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "system networking rackswitch g8052",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.6.0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "20.0"
},
{
"model": "enterprise linux server eus 6.7.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "websphere extreme scale",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "security guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.15"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.0.13"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.3"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "15.0.0.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.3"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.1.8"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.4"
},
{
"model": "tivoli network manager if0002 ip editio",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.7"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "spss modeler fp3 if023",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "14.2"
},
{
"model": "system networking rackswitch g8124-e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "qradar incident forensics",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.9"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.1"
},
{
"model": "rational publishing engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.04"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.18"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.10"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "25.0"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"model": "predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "elastic storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.18"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.4"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.13"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.1"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.6.0.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.2.0.8"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.54"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.15"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.8"
},
{
"model": "websphere datapower xc10 appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5"
},
{
"model": "watson explorer foundational components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0.0.2"
},
{
"model": "integrated management module ii for flex systems 1aoo",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.6"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.18"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.6"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "filenet content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.07"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.4"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17.0"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.0"
},
{
"model": "system networking rackswitch g8124",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.5.0"
},
{
"model": "mq light",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "infosphere data architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.6"
},
{
"model": "virtual fabric 10gb switch module",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.8.24.0"
},
{
"model": "control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.0"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.14"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.5.0.6"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "control center 6.0.0.1ifix01",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.9.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.12"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.15"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1.1"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.303"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.12"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.9"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.12"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0"
},
{
"model": "flashsystem 9843-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.0"
},
{
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.0.1"
},
{
"model": "rbac user creator for data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.25"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.4"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "flashsystem 9848-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "sdk for node.js",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "cognos tm1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.13"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.16"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "filenet eprocess",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.16"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "sterling control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.5"
},
{
"model": "operations analytics predictive insights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-1.3.2"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.7.5"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "websphere appliance management center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.87"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.3"
},
{
"model": "security siteprotector system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.1"
},
{
"model": "tivoli storage manageroperations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.4.100"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "os image for aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.1"
},
{
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.4.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.10"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.14"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "websphere extreme scale",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.4"
},
{
"model": "rational developer for c/c++",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.7"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.3"
},
{
"model": "infosphere optim query workload tuner for db2 for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "spss modeler fp3 if016",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "15"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.4"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.4"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.14.3"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "multi-enterprise integration gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.11"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.8"
},
{
"model": "fabric manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.04.0048"
},
{
"model": "elastic storage server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.7"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.32"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.3.0.10"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.0"
},
{
"model": "websphere real time sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5"
},
{
"model": "tivoli netcool/omnibus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.1.3"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.210"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.22"
},
{
"model": "ara",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9.1"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.3.1.23"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.3.1"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"model": "security guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.51"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.7.7"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.37"
},
{
"model": "gpfs storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.10"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.5"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "cognos command center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.3"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.4"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.303"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "18.0.1"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2.200"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "sterling secure proxy ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.3"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.11"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.1.0.7"
},
{
"model": "rlks administration agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.5"
},
{
"model": "algo one core",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.3"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.5"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.6"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.2"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "elastic storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "websphere real time",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "1/10gb uplink ethernet switch module",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.14.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "security network intrusion prevention system gv200",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0"
},
{
"model": "rational synergy ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.3"
},
{
"model": "filenet content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.13"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.6.0.3"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.4.0.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.4"
},
{
"model": "spss modeler fp3 if011",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "15"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.15.5"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.7"
},
{
"model": "marketing platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.6"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4"
},
{
"model": "system networking rackswitch g8124",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.6.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10"
},
{
"model": "qradar incident forensics",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "linux enterprise module for legacy software",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "tivoli system automation for multiplatforms",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.11"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.11"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.23"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.46"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.21"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.10"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.44"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.9"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.12"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.200"
},
{
"model": "data studio client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "watson explorer foundational components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0.0.0"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.3"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.2"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.8"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.5"
},
{
"model": "smartcloud entry jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.55"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.12"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.212"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0"
},
{
"model": "snapcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.2"
},
{
"model": "sterling control center ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "39"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.17"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8"
},
{
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.7"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "websphere real time sr fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3810"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.2"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.5"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"model": "domino fp if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.132"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.14.1"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "sterling control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1.0"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.1.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"model": "websphere partner gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.4"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.16.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "34"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "websphere mq internet pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "tivoli monitoring fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.302"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.12"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.3"
},
{
"model": "system networking rackswitch g8264",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.5.0"
},
{
"model": "security appscan source",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.2"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7.1.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.9"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.67"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "29.0.1"
},
{
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5.0.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "firefox esr",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.5.2"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.4"
},
{
"model": "infosphere data architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.20.1"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "sterling control center ifix02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.34"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "tivoli netcool configuration manager if001",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "security access manager for web appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.12"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1.3"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.029"
},
{
"model": "integrated management module ii for system 1aoo70h-5.40",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "x"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.6"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.7.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "36.0.4"
},
{
"model": "ilog optimization decision manager enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.24"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.4.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.4"
},
{
"model": "rlks administration and reporting tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.6"
},
{
"model": "spss collaboration and deployment services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "infosphere optim query workload tuner for db2 for luw",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.28"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.14.4"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "fibre channel switch",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "security guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "22.0"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "37.0.2"
},
{
"model": "qradar siem",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.11"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.3.0"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.52"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "40"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "33"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "system networking rackswitch g8264cs",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.3"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.1"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.1"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.6"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10.1"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "spss collaboration and deployment services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.3"
},
{
"model": "system networking rackswitch g8124-e",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.5.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.15.4"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.1"
},
{
"model": "cloud manager with openstack interix fix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.3"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.7"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.4"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.5.0.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.13"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "18.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.2"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2.2"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.13"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.1"
},
{
"model": "rational developer for c/c++",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.24"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.13.4"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.0"
},
{
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0.1"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2.1"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.19"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.7"
},
{
"model": "websphere partner gateway enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.4"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1"
},
{
"model": "websphere application server for bluemix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.3"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.33"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.3"
},
{
"model": "bundle of g8264cs image",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "os image for aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.31"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.14"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "26.0"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.10"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0"
},
{
"model": "qradar incident forensics patch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.62"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.6.0.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.10"
},
{
"model": "system networking rackswitch g8264t",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.23"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.1"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.4"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.17"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.26"
},
{
"model": "gpfs storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.4"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.6"
},
{
"model": "omnifind enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.5"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.16.2.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.13"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.2"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"model": "os image for red hat",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.1"
},
{
"model": "algo one core",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.9"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.3"
},
{
"model": "snapmanager for sharepoint",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.3"
},
{
"model": "qradar siem mr2 patch if",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.112"
},
{
"model": "elastic storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "websphere ilog jrules",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "filenet content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.26"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.10"
},
{
"model": "rlks administration agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.4"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.3.1"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.3"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "watson explorer analytical components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0.0.0"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.11"
},
{
"model": "flex system en2092 1gb ethernet scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.8"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.17"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.18"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.3"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.5"
},
{
"model": "tivoli storage manager client management services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2"
},
{
"model": "tivoli directory integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.8"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0.2"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.10"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.7"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.2"
},
{
"model": "system networking rackswitch g8264",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.6.0"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.0"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.31"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.6"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "websphere mq internet pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.1"
},
{
"model": "rlks administration agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.8"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8"
},
{
"model": "elastic storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.4"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.1"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "32.0"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "spss analytic server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5.1"
},
{
"model": "flex system chassis management module 2pet14c-2.5.5c",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.0.7"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.4"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"model": "integrated management module ii for flex systems 1aoo70h-5.40",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.22"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"model": "websphere datapower xc10 appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "rlks administration agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.9"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.7"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.18"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.803"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6.1"
},
{
"model": "security siteprotector system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.13"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "flex system fabric cn4093 10gb converged scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "security network intrusion prevention system gx7412",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.5"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.22"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "rational synergy ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.4"
},
{
"model": "system networking rackswitch g8052",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.16.0"
},
{
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.5.0.1"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "28.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.2"
},
{
"model": "websphere real time sr7 fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "infosphere optim query workload tuner for db2 for luw",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"model": "websphere extreme scale",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "gpfs storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7.0.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.4.19"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.25"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.13.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.8"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "tivoli netcool/omnibus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "16.0.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.15.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.8"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "sterling control center ifix04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.0.1"
},
{
"model": "tivoli monitoring",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"model": "infosphere optim query workload tuner for db2 for luw",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1000"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "19.0.1"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.4"
},
{
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.311"
},
{
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "rational developer for c/c++",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.3"
},
{
"model": "ccr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.0"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "43.0.2"
},
{
"model": "system networking rackswitch g8124-e",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11.6.0"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.14"
},
{
"model": "tivoli netcool configuration manager if",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.6003"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.2.3"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.4"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.5"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.5"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "spss modeler fp2 if006",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "16"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.14"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.66"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.12"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.3"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.6"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "watson explorer annotation administration console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0.0.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.03"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.15"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.7"
},
{
"model": "ftm for cps",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.2"
},
{
"model": "lotus widget factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.1"
},
{
"model": "sterling control center ifix06",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3.0.10"
},
{
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.32"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.8"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.14"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.05"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.13"
},
{
"model": "jrockit r28.3.8",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.6"
},
{
"model": "websphere partner gateway enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1.0.7"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.4.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "18.0"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.11"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "16.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "rational synergy ifix01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.7"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.7"
},
{
"model": "1/10gb uplink ethernet switch module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.8.23.0"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "spss modeler fp3 if025",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "14.2"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.11"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.5"
},
{
"model": "ccr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "installation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.8.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7"
},
{
"model": "websphere real time sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "sterling control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "infosphere optim query workload tuner for db2 for luw",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.25"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "30.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"model": "spss modeler fp1 if021",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17"
},
{
"model": "smartcloud entry jre update",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0.34"
},
{
"model": "websphere real time sr8 fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.010"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.15.3.1"
},
{
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.10"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.3.0.12"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.5"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "os image for red hat",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "flashsystem 9848-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "28.0.1"
},
{
"model": "tivoli network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "tivoli storage manager client management service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.4.000"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.0"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35006.2"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.5"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.2.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "25.0.1"
},
{
"model": "security access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "29.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.2"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"model": "rational publishing engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3.0.10"
},
{
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "websphere partner gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.2"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.3"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.1"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.10"
},
{
"model": "control center 6.0.0.0ifix03",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.6"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.12"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.8"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.16"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "cognos business viewpoint fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.1"
},
{
"model": "cognos command center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"model": "rlks administration agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.23"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.6"
},
{
"model": "flex system chassis management module 2pet",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.1.0.7"
},
{
"model": "rlks administration and reporting tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.5"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.11"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.2"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tivoli netcool/omnibus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.8"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "system networking rackswitch g8316",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.16.0"
},
{
"model": "flex system fabric si4093 system interconnect module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.0"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.16"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "control center ifix03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.2"
},
{
"model": "security directory integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "host on-demand",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0.14"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.19"
},
{
"model": "sterling connect:direct ftp+",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"model": "infosphere optim query workload tuner for db2 for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "tivoli system automation for multiplatforms",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.1"
},
{
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0.1"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "17.0.0.1"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "virtual storage console for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "api management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "spectrum scale",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.50"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0.1"
},
{
"model": "b-type san directors",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.6"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.7"
},
{
"model": "watson explorer foundational components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.16"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7.0.2"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.12"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.9"
},
{
"model": "content foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "mq light",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.85"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "system networking switch center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.32"
},
{
"model": "image construction and composition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.0"
},
{
"model": "data studio client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.6.0.3"
},
{
"model": "snapcenter plug-in for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2"
},
{
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.27"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "g8264cs si fabric image",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.7.2"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "tivoli access manager for e-business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.2"
},
{
"model": "websphere operational decision management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "system networking rackswitch g8124",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.16.0"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"model": "purepower integrated manager appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.1"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.9"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.13"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "27.0"
},
{
"model": "fabric operating system 7.4.1c",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.2.0.8"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.5"
},
{
"model": "marketing platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0.1"
},
{
"model": "rational developer for c/c++",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.3"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.405"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.19"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.4"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "14.2"
},
{
"model": "websphere partner gateway enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.9"
},
{
"model": "websphere extreme scale",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.32"
},
{
"model": "san volume controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.12"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.9"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.5"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.15.1"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.4.1.8"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.7"
},
{
"model": "cognos insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.4"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.51"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"model": "purepower integrated manager power vc appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.13"
},
{
"model": "websphere real time sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.6"
},
{
"model": "predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "b2b advanced communications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.2"
},
{
"model": "infosphere biginsights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.2"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.14"
},
{
"model": "websphere real time sr4-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "rational developer for c/c++",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.5.0.6"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.5"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.2.06"
},
{
"model": "gpfs storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.2"
},
{
"model": "cplex enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.4"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.1.4"
},
{
"model": "ilog optimization decision manager enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.18"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.8"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.11"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.9"
},
{
"model": "data studio client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.11"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.1.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.6"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.21"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.1"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.07"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.3.0"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.8"
},
{
"model": "rlks administration and reporting tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.3"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2000"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.13"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.1"
},
{
"model": "spss modeler fp2 if013",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "16"
},
{
"model": "si4093 image",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.3"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "datapower gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.11"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.17"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.3"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.1"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "flex system fabric en4093r 10gb scalable switch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.12.0"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "filenet business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.2.02"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"model": "infosphere data architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.7"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "rational service tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "41.0.2"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1.1"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.15"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "43.0.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.11"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "oncommand cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "gpfs storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.6"
},
{
"model": "rlks administration agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.3"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3.0.1"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.6"
},
{
"model": "ilog optimization decision manager enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.4.0.7"
},
{
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.1.15"
},
{
"model": "integrated management module ii for system 1aoo",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.3"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "36"
},
{
"model": "messagesight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.1"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.3"
},
{
"model": "rational collaborative lifecycle management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "rational software architect realtime edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.1"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70006.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.211"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "watson explorer foundational components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0.0.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.1"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"model": "watson explorer analytical components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.0"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.7"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.6"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "19.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0.12"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.17"
},
{
"model": "rlks administration and reporting tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.2"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "15.0"
},
{
"model": "workload deployer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.17"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.1"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.12"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.3"
},
{
"model": "flashsystem 9846-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "system networking rackswitch g8264cs",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.13.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.4"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.17.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.16"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0"
},
{
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "content foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "spss analytic server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.10"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.21"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "security network intrusion prevention system gv1000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "19.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0.1"
},
{
"model": "cplex optimization studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "12.6.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "marketing operations",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.4"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "elastic storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"model": "netezza diagnostics tools",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3.1.1"
},
{
"model": "infosphere optim query workload tuner for db2 for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.26"
},
{
"model": "rlks administration agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "32.0.3"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1.1"
},
{
"model": "rlks administration and reporting tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.4"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.7"
},
{
"model": "cognos command center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.4"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "decision optimization center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.13"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.9"
},
{
"model": "rational publishing engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.10"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "security appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "sterling secure proxy ifix05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.6"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.28"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50007.3"
},
{
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.0.6"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "rational developer for c/c++",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.39"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "system networking switch center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.2.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "elastic storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "1/10gb uplink ethernet switch module",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.8.24.0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.3"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.24"
},
{
"model": "rational functional tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.4"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rlks administration and reporting tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.8"
},
{
"model": "omnifind enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "security appscan source",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.4.0.7"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "16.0.0.0"
},
{
"model": "marketing platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.1"
},
{
"model": "websphere real time sr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "39"
},
{
"model": "datapower gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.3"
},
{
"model": "mq appliance m2000",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.3"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.0"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "elastic storage server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5.3"
},
{
"model": "rlks administration and reporting tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "23.0"
},
{
"model": "sterling external authentication server ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.86"
},
{
"model": "system networking rackswitch g8264t",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.16.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.6"
},
{
"model": "1/10gb uplink ethernet switch module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.13.0"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.15.2"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.19"
},
{
"model": "virtual fabric 10gb switch module",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.10.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.2"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37006.4.1.8"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.7"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.1"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.3"
},
{
"model": "rational test workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7.0.3"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "snapcenter plug-in for microsoft sql server",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.1.0.6"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.12"
},
{
"model": "packaging utility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.8.4"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.5.3"
},
{
"model": "websphere service registry and repository studio",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security access manager for web",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"model": "system networking rackswitch g8264",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.16.0"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v50006.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.4"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.19"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.3.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.10"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.2.1"
},
{
"model": "rational developer for power systems software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"model": "watson explorer annotation administration console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "system networking rackswitch g8052",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.15.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.3"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1.4"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.6"
},
{
"model": "cloud manager with openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.5"
},
{
"model": "virtual fabric 10gb switch module",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8.9.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0"
},
{
"model": "bluemix liberty for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.9"
},
{
"model": "rational software architect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.3"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "23.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.11"
},
{
"model": "rational method composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.9"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "34.0.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "tivoli directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"model": "infosphere streams",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "21.0"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "mq light",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "marketing platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "rational developer for aix and linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1.2"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.3"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "rational performance tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.7"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.2"
},
{
"model": "sterling secure proxy ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.3.1.237"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.18"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.35"
},
{
"model": "data studio client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.2"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.5"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.14"
},
{
"model": "rational software architect for websphere software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.1"
},
{
"model": "rlks administration agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1.4.7"
},
{
"model": "rational business developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.3"
},
{
"model": "business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.12"
},
{
"model": "oncommand unified manager for clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "6.0"
},
{
"model": "rational developer for aix and cobol",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "watson explorer foundational components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.11"
},
{
"model": "sterling external authentication server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.1.2"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "rational clearcase",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "filenet business process manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5.1"
},
{
"model": "spss collaboration and deployment services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "storage services connector",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1.1"
},
{
"model": "sonas",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.1.0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.7"
},
{
"model": "watson explorer analytical components",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0.0.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v37007.1"
},
{
"model": "websphere real time sr9 fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "watson content analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"model": "rational developer for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v35007.2.0.8"
},
{
"model": "infosphere biginsights",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.01"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.33"
},
{
"model": "system networking rackswitch g8124-e",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.9.16.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "websphere business events",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.34"
},
{
"model": "san volume controller",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6.0.3"
},
{
"model": "storwize",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.5.0.6"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.14.5"
},
{
"model": "storwize",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70007.2.0.8"
},
{
"model": "spss modeler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "15.0.0.2"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
}
],
"sources": [
{
"db": "BID",
"id": "79684"
},
{
"db": "NVD",
"id": "CVE-2015-7575"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.20.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "43.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7575"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karthikeyan Bhargavan",
"sources": [
{
"db": "BID",
"id": "79684"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7575",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7575",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7575",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-7575",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7575"
},
{
"db": "NVD",
"id": "CVE-2015-7575"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. \nThis issue is fixed in:\nFirefox 43.0.2\nFirefox ESR 38.5.2\nNetwork Security Services 3.20.2. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201701-46\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Mozilla Network Security Service (NSS): Multiple\n vulnerabilities\n Date: January 19, 2017\n Bugs: #550288, #571086, #604916\n ID: 201701-46\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NSS, the worst of which\ncould allow remote attackers to obtain access to private key\ninformation. \n\nBackground\n==========\n\nThe Mozilla Network Security Service (NSS) is a library implementing\nsecurity features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11,\nPKCS #12, S/MIME and X.509 certificates. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/nss \u003c 3.28 \u003e= 3.28\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NSS. Please review the\nCVE identifiers and technical papers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NSS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.28\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-2721\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721\n[ 2 ] CVE-2015-4000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n[ 3 ] CVE-2015-7575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575\n[ 4 ] CVE-2016-1938\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938\n[ 5 ] CVE-2016-5285\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5285\n[ 6 ] CVE-2016-8635\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8635\n[ 7 ] CVE-2016-9074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074\n[ 8 ] SLOTH Attack Technical Paper\n http://www.mitls.org/pages/attacks/SLOTH\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-46\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--IaUA2rjNRE1qkoRse7wxSpqjKrtacOEtO--\n\n. \n\nMore information can be found at\nhttps://www.mitls.org/pages/attacks/SLOTH\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.12.20-8+deb7u5. 7) - x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-2884-1\nFebruary 01, 2016\n\nopenjdk-7 vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 7. \n\nSoftware Description:\n- openjdk-7: Open Source Java implementation\n\nDetails:\n\nMultiple vulnerabilities were discovered in the OpenJDK JRE related\nto information disclosure, data integrity, and availability. \n(CVE-2016-0483, CVE-2016-0494)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2016-0402)\n\nIt was discovered that OpenJDK 7 incorrectly allowed MD5 to be used\nfor TLS connections. If a remote attacker were able to perform a\nman-in-the-middle attack, this flaw could be exploited to expose\nsensitive information. (CVE-2015-7575)\n\nA vulnerability was discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit this to expose\nsensitive data over the network. (CVE-2016-0448)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit this to cause a denial of\nservice. (CVE-2016-0466)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.10.1\n openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.10.1\n openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.10.1\n openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.10.1\n openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.10.1\n\nUbuntu 15.04:\n icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.04.1\n openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.04.1\n openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.04.1\n openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.04.1\n openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.04.1\n\nUbuntu 14.04 LTS:\n icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.14.04.1\n openjdk-7-jre 7u95-2.6.4-0ubuntu0.14.04.1\n openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.14.04.1\n openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.14.04.1\n openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.14.04.1\n\nThis update uses a new upstream release, which includes additional\nbug fixes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.7.0-openjdk security update\nAdvisory ID: RHSA-2016:0053-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0053.html\nIssue date: 2016-01-21\nCVE Names: CVE-2015-4871 CVE-2015-7575 CVE-2016-0402 \n CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 \n CVE-2016-0494 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.0-openjdk packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\n\n3. Description:\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit. \n\nAn out-of-bounds write flaw was found in the JPEG image format decoder in\nthe AWT component in OpenJDK. A specially crafted JPEG image could cause\na Java application to crash or, possibly execute arbitrary code. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions. (CVE-2016-0483)\n\nAn integer signedness issue was found in the font parsing code in the 2D\ncomponent in OpenJDK. A specially crafted font file could possibly cause\nthe Java Virtual Machine to execute arbitrary code, allowing an untrusted\nJava application or applet to bypass Java sandbox restrictions. \n(CVE-2016-0494)\n\nIt was discovered that the JAXP component in OpenJDK did not properly\nenforce the totalEntitySizeLimit limit. An attacker able to make a Java\napplication process a specially crafted XML file could use this flaw to\nmake the application consume an excessive amount of memory. (CVE-2016-0466)\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nMultiple flaws were discovered in the Libraries, Networking, and JMX\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871,\nCVE-2016-0402, CVE-2016-0448)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. \n\nNote: This update also disallows the use of the MD5 hash algorithm in the\ncertification path processing. The use of MD5 can be re-enabled by removing\nMD5 from the jdk.certpath.disabledAlgorithms security property defined in\nthe java.security file. \n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1273859 - CVE-2015-4871 OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)\n1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)\n1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)\n1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)\n1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)\n1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)\n1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-4871\nhttps://access.redhat.com/security/cve/CVE-2015-7575\nhttps://access.redhat.com/security/cve/CVE-2016-0402\nhttps://access.redhat.com/security/cve/CVE-2016-0448\nhttps://access.redhat.com/security/cve/CVE-2016-0466\nhttps://access.redhat.com/security/cve/CVE-2016-0483\nhttps://access.redhat.com/security/cve/CVE-2016-0494\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWoM9KXlSAg2UNWIIRAqEwAJwN75xhk+4gvMxjiZkEfLqpUobNvACeLWha\nqzRinbbktNyylx3SPUV5yWA=\n=ZO8E\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThis update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805,\nCVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842,\nCVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872,\nCVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903,\nCVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126,\nCVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376,\nCVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494,\nCVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427,\nCVE-2016-3443, CVE-2016-3449)\n\nRed Hat would like to thank Andrea Palazzo of Truel IT for reporting the\nCVE-2015-4806 issue. (CVE-2015-7575)\n\nYves Younan discovered that graphite2 incorrectly handled certain malformed\nfonts. (CVE-2016-1523)\n\nBob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman,\nCarsten Book, and Randell Jesup discovered multiple memory safety issues\nin Thunderbird. (CVE-2016-1930)\n\nAki Helin discovered a buffer overflow when rendering WebGL content in\nsome circumstances",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7575"
},
{
"db": "BID",
"id": "79684"
},
{
"db": "VULMON",
"id": "CVE-2015-7575"
},
{
"db": "PACKETSTORM",
"id": "140618"
},
{
"db": "PACKETSTORM",
"id": "135212"
},
{
"db": "PACKETSTORM",
"id": "135339"
},
{
"db": "PACKETSTORM",
"id": "135542"
},
{
"db": "PACKETSTORM",
"id": "135340"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "136114"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7575",
"trust": 2.1
},
{
"db": "BID",
"id": "79684",
"trust": 1.4
},
{
"db": "BID",
"id": "91787",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036467",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034541",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2015-7575",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140618",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135212",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135339",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135542",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135340",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136114",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7575"
},
{
"db": "BID",
"id": "79684"
},
{
"db": "PACKETSTORM",
"id": "140618"
},
{
"db": "PACKETSTORM",
"id": "135212"
},
{
"db": "PACKETSTORM",
"id": "135339"
},
{
"db": "PACKETSTORM",
"id": "135542"
},
{
"db": "PACKETSTORM",
"id": "135340"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "136114"
},
{
"db": "NVD",
"id": "CVE-2015-7575"
}
]
},
"id": "VAR-201601-0016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3478835966666667
},
"last_update_date": "2024-07-04T21:13:56.044000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Moderate: nss security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20160007 - security advisory"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20160008 - security advisory"
},
{
"title": "Red Hat: Moderate: gnutls security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20160012 - security advisory"
},
{
"title": "Ubuntu Security Notice: openssl vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2863-1"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2864-1"
},
{
"title": "Debian Security Advisories: DSA-3437-1 gnutls26 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=819c25e4161d9c59fbf9d403120315be"
},
{
"title": "Ubuntu Security Notice: gnutls26, gnutls28 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2865-1"
},
{
"title": "Ubuntu Security Notice: firefox vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2866-1"
},
{
"title": "Debian Security Advisories: DSA-3436-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=07247103b9fb762bfde68fed155965f3"
},
{
"title": "Amazon Linux AMI: ALAS-2016-651",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-651"
},
{
"title": "Amazon Linux AMI: ALAS-2016-645",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-645"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2015-150",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2015-150"
},
{
"title": "Red Hat: CVE-2015-7575",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7575"
},
{
"title": "Debian Security Advisories: DSA-3457-1 iceweasel -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d48a126fa6377735d59aba73766b6a48"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2904-1"
},
{
"title": "Symantec Security Advisories: SA108 : Transcript Collision Attacks Against TLS 1.2 (SLOTH)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=0c68b89195c7cccd63c86c9e03beac4b"
},
{
"title": "Debian Security Advisories: DSA-3491-1 icedove -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4a77c8f35d141b32b86ffec7b9604cd1"
},
{
"title": "Ubuntu Security Notice: openjdk-7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2884-1"
},
{
"title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-01"
},
{
"title": "Debian Security Advisories: DSA-3458-1 openjdk-7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=40831417d121ab10d4dc7fc0d8144eac"
},
{
"title": "Debian Security Advisories: DSA-3465-1 openjdk-6 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=28d9723420cf12ab64c1ab4b2dc2c045"
},
{
"title": "Amazon Linux AMI: ALAS-2016-643",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-643"
},
{
"title": "Amazon Linux AMI: ALAS-2016-661",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-661"
},
{
"title": "Amazon Linux AMI: ALAS-2016-647",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-647"
},
{
"title": "Debian Security Advisories: DSA-3688-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=373dcfd6d281e203a1b020510989c2b1"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "satellite-host-cve",
"trust": 0.1,
"url": "https://github.com/redhatsatellite/satellite-host-cve "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7575"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7575"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2884-1"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2016:1430"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/79684"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2904-1"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0053.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0055.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"trust": 1.1,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1158489"
},
{
"trust": 1.1,
"url": "https://developer.mozilla.org/docs/mozilla/projects/nss/nss_3.20.2_release_notes"
},
{
"trust": 1.1,
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-150.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3465"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0054.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0049.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3457"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3491"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0056.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0050.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3437"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3458"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2863-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2866-1"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3436"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034541"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2864-1"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2865-1"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201706-18"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036467"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20160225-0001/"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201801-15"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575"
},
{
"trust": 0.3,
"url": "http://www.mozilla.com/en-us/"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/projects/security/pki/nss/"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc"
},
{
"trust": 0.3,
"url": "https://kb.netapp.com/support/index?page=content\u0026id=9010065\u0026actp=rss"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=nas8n1021096"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=nas8n1021133"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974599"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974776"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974922"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975233"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975893"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975980"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21976006"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976117"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976169"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21976265"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21976339"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21976527"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976852"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976867"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976868"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976926"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977005"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21977045"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977047"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21977054"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977135"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21977202"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977225"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21977244"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/java_jan2016_advisory.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023250"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023284"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023292"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023364"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023378"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023408"
},
{
"trust": 0.3,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2015-150/"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099195"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099200"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099203"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099210"
},
{
"trust": 0.3,
"url": " https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099293"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0012.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982337"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0007.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0008.html"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976573"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978310"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980379"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974637"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099390"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005583"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005584"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005585"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005588"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005673"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005690"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005722"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005735"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972468"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972469"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974192"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974194"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974473"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974643"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974808"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974877"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974888"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974958"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974965"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975410"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975424"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975573"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975785"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975820"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975832"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975835"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975877"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975929"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975930"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976042"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976080"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976113"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976217"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976276"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976341"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976362"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976366"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976442"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976476"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976483"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976545"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976553"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976569"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976631"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976678"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976733"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976763"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976765"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976768"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976779"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976840"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976842"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976844"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976845"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976854"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976855"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976869"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976886"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976888"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976894"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976896"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976925"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976947"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976957"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977127"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977129 "
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977347"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977407"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977517"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977518"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977523"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977575"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977618"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977646"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977647"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977664"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977838"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977880"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978008"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978026"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978188"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979194"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979412"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979757"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981333"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981540"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982445"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982446"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099197 "
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-0448"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0448"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0466"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-7575"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-0483"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0483"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-0402"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0494"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-0466"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0402"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-0494"
},
{
"trust": 0.2,
"url": "http://www.mitls.org/pages/attacks/sloth"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-8472"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-4871"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4871"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/19.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2016:0007"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2863-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42929"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8635"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2721"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7575"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5285"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2721"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8635"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5285"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0475"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#appendixjava"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0475"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u95-2.6.4-0ubuntu0.15.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u95-2.6.4-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u95-2.6.4-0ubuntu0.15.10.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4872"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0264"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0376"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0376"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-8540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-7981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8540"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4872"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-4806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-5041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0264"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.6.0+build1-0ubuntu0.15.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.6.0+build1-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1523"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1930"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.6.0+build1-0ubuntu0.12.04.1"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7575"
},
{
"db": "BID",
"id": "79684"
},
{
"db": "PACKETSTORM",
"id": "140618"
},
{
"db": "PACKETSTORM",
"id": "135212"
},
{
"db": "PACKETSTORM",
"id": "135339"
},
{
"db": "PACKETSTORM",
"id": "135542"
},
{
"db": "PACKETSTORM",
"id": "135340"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "136114"
},
{
"db": "NVD",
"id": "CVE-2015-7575"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2015-7575"
},
{
"db": "BID",
"id": "79684"
},
{
"db": "PACKETSTORM",
"id": "140618"
},
{
"db": "PACKETSTORM",
"id": "135212"
},
{
"db": "PACKETSTORM",
"id": "135339"
},
{
"db": "PACKETSTORM",
"id": "135542"
},
{
"db": "PACKETSTORM",
"id": "135340"
},
{
"db": "PACKETSTORM",
"id": "137932"
},
{
"db": "PACKETSTORM",
"id": "136114"
},
{
"db": "NVD",
"id": "CVE-2015-7575"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7575"
},
{
"date": "2015-12-22T00:00:00",
"db": "BID",
"id": "79684"
},
{
"date": "2017-01-20T01:24:46",
"db": "PACKETSTORM",
"id": "140618"
},
{
"date": "2016-01-11T16:58:47",
"db": "PACKETSTORM",
"id": "135212"
},
{
"date": "2016-01-21T14:47:36",
"db": "PACKETSTORM",
"id": "135339"
},
{
"date": "2016-02-02T01:59:06",
"db": "PACKETSTORM",
"id": "135542"
},
{
"date": "2016-01-21T14:47:43",
"db": "PACKETSTORM",
"id": "135340"
},
{
"date": "2016-07-18T19:51:43",
"db": "PACKETSTORM",
"id": "137932"
},
{
"date": "2016-03-08T10:13:00",
"db": "PACKETSTORM",
"id": "136114"
},
{
"date": "2016-01-09T02:59:10.910000",
"db": "NVD",
"id": "CVE-2015-7575"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7575"
},
{
"date": "2016-10-26T02:01:00",
"db": "BID",
"id": "79684"
},
{
"date": "2018-10-30T16:27:35.843000",
"db": "NVD",
"id": "CVE-2015-7575"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "79684"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Network Security Services CVE-2015-7575 Security Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "79684"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "79684"
}
],
"trust": 0.3
}
}
var-202204-0596
Vulnerability from variot
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). It exists that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: java-11-openjdk security, bug fix, and enhancement update Advisory ID: RHSA-2022:1440-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1440 Issue date: 2022-04-20 CVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 ==================================================================== 1. Summary:
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.15.0.9). (BZ#2047531)
Security Fix(es):
-
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
-
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
-
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
-
OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
-
OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2047531 - Prepare for the next quarterly OpenJDK upstream release (2022-04, 11.0.15) [rhel-7] 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
ppc64: java-11-openjdk-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64.rpm
ppc64le: java-11-openjdk-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64le.rpm
s390x: java-11-openjdk-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.s390x.rpm
x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64.rpm
ppc64le: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64le.rpm
s390x: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.s390x.rpm
x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYmAx+NzjgjWX9erEAQjH/Q/+LWdIlvKxvVPZ5cWaFA2ZTaQrMfJiad6H 3lauUSupgikqAiHVhFviBTMlNpLg38lrt2gMgjDFodSi9SEUT9qp0ig1bC9FBqGt XifysNiTI6pJCIZiQDUlIsguakgJYv8oiuAPfBYZafV5LrVbgQXRBSlybpghXd87 21DymPq84hWR32lFNgQscDUI5MBmmMjn69Ta3iiKi51q5apNAggAyW6XzsA3JJQL M3/j0i1HcY4ONTip0M0lWxfneS/JTm6PO3NODBlIbHIBjMH2Ve6hBAdv2k67VgAm MGzhhwufwvbtq1WGvXZCxLCsRL092PSSoar3Mu3bnT7Aop2iQf28D9Fivk+IS2Ra n6/+Q6qwvonIbhMKg1DoPITivbbJyZJ47LRq7uc5zhx62z5ipVhx0PJU0UhGifRX ZHtOeLAWh+yob2cOs/5U2lydQ5whdJVeWWI8uC7jW+4N21OEVtpPU4yZezB5YTPl N4549Z8EcOOAOr4EM0v74Kv9Frrw6LoVKcC9nhCc/jLTlchYCl7p5LcQs+4xSkNO 12mg+dQAibL4txGMGkJVJBc0jIhN8CWuLPORnvjbfAQ9D6/esWGNBMrZZmbbqn5y 5d2CgprQx3Rk+4kI66emdZClZYB4P6tykCpPlFAVNtHbGcHFDHLBtchu5unRBbyw gxhzoRdL38A=hHHS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2334 - [release-5.3] Events listing out of order in Kibana 6.8.1 LOG-2450 - http.max_header_size set to 128kb causes communication with elasticsearch to stop working LOG-2481 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.3]
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. 9) - aarch64, ppc64le, s390x, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.41. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2022:2270
Space precludes documenting all of the container images in this advisory.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-x86_64
The image digest is sha256:4ebcb3aea63d4acbb92118d3ae7ed08d3ebb1a66e7f79fddbb4da74883a12d0a
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-s390x
The image digest is sha256:5ed0fc5b89e3ec257db50f936f788492211e4de4a741f930191ab2d3bc7ceec3
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-ppc64le
The image digest is sha256:908ec3688cc152b15faaea3f71bb4ba59565df60e9846f08fcd15a6c2b43274a
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2057544 - Cancel rpm-ostree transaction after failed rebase 2058674 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage & proper backoff 2062655 - [4.8.z backport] cluster scaling new nodes ovs-configuration fails on all new nodes 2070762 - [4.8z] WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2074053 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling 2074680 - csv_succeeded metric not present in olm-operator for all successful CSVs 2076211 - CVE-2022-1677 openshift/router: route hijacking attack via crafted HAProxy configuration file 2077004 - Bump to latest available 1.21.11 k8s 2077370 - [4.8.z] NetworkPolicy tests are failing on metal IPv6 2077765 - (release-4.8) Gather namespace names with overlapping UID ranges 2078477 - Latest ose-jenkins-agent-base:v4.9.0 image fails to start on OpenShift due to FIPS error 2084259 - [4.8] OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2088196 - Redfish set boot device failed for node in OCP 4.8 latest RC
-
8) - ppc64le, s390x, x86_64
This update upgrades IBM Java SE 8 to version 8 SR7-FP10
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "santricity unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "7.52"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.14"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.14"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "cloud secure agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "6.45"
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.70.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "e-series santricity storage manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.3.1"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.2"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.2"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud insights acquisition unit",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "13.46"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.5"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "18.28"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.0.0.2"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "15.38"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "17.32"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "11.54"
},
{
"model": "e-series santricity web services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "8.60"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:17.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:11.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update331:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update321:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update331:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update321:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "167140"
},
{
"db": "PACKETSTORM",
"id": "167122"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "167385"
},
{
"db": "PACKETSTORM",
"id": "167271"
},
{
"db": "PACKETSTORM",
"id": "167942"
}
],
"trust": 0.8
},
"cve": "CVE-2022-21434",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-407047",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-21434",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert_us@oracle.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-21434",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secalert_us@oracle.com",
"id": "CVE-2022-21434",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-407047",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-21434",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "VULMON",
"id": "CVE-2022-21434"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). It exists that OpenJDK incorrectly validated the encoded length of\ncertain object identifiers. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-21443). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: java-11-openjdk security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1440-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1440\nIssue date: 2022-04-20\nCVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443\n CVE-2022-21476 CVE-2022-21496\n====================================================================\n1. Summary:\n\nAn update for java-11-openjdk is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime\nEnvironment and the OpenJDK 11 Java Software Development Kit. \n\nThe following packages have been upgraded to a later upstream version:\njava-11-openjdk (11.0.15.0.9). (BZ#2047531)\n\nSecurity Fix(es):\n\n* OpenJDK: Defective secure validation in Apache Santuario (Libraries,\n8278008) (CVE-2022-21476)\n\n* OpenJDK: Unbounded memory allocation when compiling crafted XPath\nexpressions (JAXP, 8270504) (CVE-2022-21426)\n\n* OpenJDK: Improper object-to-string conversion in\nAnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)\n\n* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)\n(CVE-2022-21443)\n\n* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of OpenJDK Java must be restarted for this update to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2047531 - Prepare for the next quarterly OpenJDK upstream release (2022-04, 11.0.15) [rhel-7]\n2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)\n2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)\n2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)\n2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)\n2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\njava-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm\n\nx86_64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\njava-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm\n\nx86_64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm\n\nppc64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64.rpm\n\nppc64le:\njava-11-openjdk-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64le.rpm\n\ns390x:\njava-11-openjdk-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.s390x.rpm\n\nx86_64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64.rpm\n\nppc64le:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64le.rpm\n\ns390x:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.s390x.rpm\n\nx86_64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\njava-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm\n\nx86_64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-21426\nhttps://access.redhat.com/security/cve/CVE-2022-21434\nhttps://access.redhat.com/security/cve/CVE-2022-21443\nhttps://access.redhat.com/security/cve/CVE-2022-21476\nhttps://access.redhat.com/security/cve/CVE-2022-21496\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYmAx+NzjgjWX9erEAQjH/Q/+LWdIlvKxvVPZ5cWaFA2ZTaQrMfJiad6H\n3lauUSupgikqAiHVhFviBTMlNpLg38lrt2gMgjDFodSi9SEUT9qp0ig1bC9FBqGt\nXifysNiTI6pJCIZiQDUlIsguakgJYv8oiuAPfBYZafV5LrVbgQXRBSlybpghXd87\n21DymPq84hWR32lFNgQscDUI5MBmmMjn69Ta3iiKi51q5apNAggAyW6XzsA3JJQL\nM3/j0i1HcY4ONTip0M0lWxfneS/JTm6PO3NODBlIbHIBjMH2Ve6hBAdv2k67VgAm\nMGzhhwufwvbtq1WGvXZCxLCsRL092PSSoar3Mu3bnT7Aop2iQf28D9Fivk+IS2Ra\nn6/+Q6qwvonIbhMKg1DoPITivbbJyZJ47LRq7uc5zhx62z5ipVhx0PJU0UhGifRX\nZHtOeLAWh+yob2cOs/5U2lydQ5whdJVeWWI8uC7jW+4N21OEVtpPU4yZezB5YTPl\nN4549Z8EcOOAOr4EM0v74Kv9Frrw6LoVKcC9nhCc/jLTlchYCl7p5LcQs+4xSkNO\n12mg+dQAibL4txGMGkJVJBc0jIhN8CWuLPORnvjbfAQ9D6/esWGNBMrZZmbbqn5y\n5d2CgprQx3Rk+4kI66emdZClZYB4P6tykCpPlFAVNtHbGcHFDHLBtchu5unRBbyw\ngxhzoRdL38A=hHHS\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2334 - [release-5.3] Events listing out of order in Kibana 6.8.1\nLOG-2450 - http.max_header_size set to 128kb causes communication with elasticsearch to stop working\nLOG-2481 - EO shouldn\u0027t grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.3]\n\n6. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.8.41. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2022:2270\n\nSpace precludes documenting all of the container images in this advisory. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.8.41-x86_64\n\nThe image digest is\nsha256:4ebcb3aea63d4acbb92118d3ae7ed08d3ebb1a66e7f79fddbb4da74883a12d0a\n\n(For s390x architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.8.41-s390x\n\nThe image digest is\nsha256:5ed0fc5b89e3ec257db50f936f788492211e4de4a741f930191ab2d3bc7ceec3\n\n(For ppc64le architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.8.41-ppc64le\n\nThe image digest is\nsha256:908ec3688cc152b15faaea3f71bb4ba59565df60e9846f08fcd15a6c2b43274a\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2057544 - Cancel rpm-ostree transaction after failed rebase\n2058674 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage \u0026 proper backoff\n2062655 - [4.8.z backport] cluster scaling new nodes ovs-configuration fails on all new nodes\n2070762 - [4.8z] WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache\n2074053 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling\n2074680 - csv_succeeded metric not present in olm-operator for all successful CSVs\n2076211 - CVE-2022-1677 openshift/router: route hijacking attack via crafted HAProxy configuration file\n2077004 - Bump to latest available 1.21.11 k8s\n2077370 - [4.8.z] NetworkPolicy tests are failing on metal IPv6\n2077765 - (release-4.8) Gather namespace names with overlapping UID ranges\n2078477 - Latest ose-jenkins-agent-base:v4.9.0 image fails to start on OpenShift due to FIPS error\n2084259 - [4.8] OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM\n2088196 - Redfish set boot device failed for node in OCP 4.8 latest RC\n\n5. 8) - ppc64le, s390x, x86_64\n\n3. \n\nThis update upgrades IBM Java SE 8 to version 8 SR7-FP10",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21434"
},
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "VULMON",
"id": "CVE-2022-21434"
},
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "167140"
},
{
"db": "PACKETSTORM",
"id": "167122"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "167385"
},
{
"db": "PACKETSTORM",
"id": "167271"
},
{
"db": "PACKETSTORM",
"id": "167942"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21434",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "167385",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167122",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167140",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167942",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167271",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167456",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167327",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167378",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167980",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166967",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167164",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167142",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167454",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167979",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166954",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-407047",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-21434",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166800",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166794",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166903",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "VULMON",
"id": "CVE-2022-21434"
},
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "167140"
},
{
"db": "PACKETSTORM",
"id": "167122"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "167385"
},
{
"db": "PACKETSTORM",
"id": "167271"
},
{
"db": "PACKETSTORM",
"id": "167942"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"id": "VAR-202204-0596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-407047"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:48:32.252000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-21434"
},
{
"title": "Ubuntu Security Notice: USN-5388-1: OpenJDK vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5388-1"
},
{
"title": "Red Hat: Moderate: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225837 - security advisory"
},
{
"title": "Red Hat: Moderate: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224959 - security advisory"
},
{
"title": "Ubuntu Security Notice: USN-5388-2: OpenJDK vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5388-2"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221487 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221442 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221440 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221488 - security advisory"
},
{
"title": "Red Hat: Important: OpenJDK 8u332 Windows builds release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221492 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221441 - security advisory"
},
{
"title": "Red Hat: Important: OpenJDK 11.0.15 security update for Portable Linux Builds",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221435 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221444 - security advisory"
},
{
"title": "Red Hat: Important: OpenJDK 11.0.15 security update for Windows Builds",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221439 - security advisory"
},
{
"title": "Red Hat: Important: OpenJDK 8u332 security update for Portable Linux Builds",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221438 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221490 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221491 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221489 - security advisory"
},
{
"title": "Red Hat: Moderate: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224957 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221728 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222137 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221443 - security advisory"
},
{
"title": "Red Hat: Important: OpenJDK 17.0.3 security update for Windows Builds",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221437 - security advisory"
},
{
"title": "Red Hat: Important: java-17-openjdk security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221445 - security advisory"
},
{
"title": "Red Hat: Important: OpenJDK 17.0.3 security update for Portable Linux Builds",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221436 - security advisory"
},
{
"title": "Red Hat: Important: java-17-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221729 - security advisory"
},
{
"title": "Debian Security Advisories: DSA-5131-1 openjdk-11 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c8840c405cfcf2d530316add80d95b7"
},
{
"title": "Debian Security Advisories: DSA-5128-1 openjdk-17 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c35e0aa61b24f917b1354b5d6ba66425"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.8.41 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222272 - security advisory"
},
{
"title": "Red Hat: Moderate: Cryostat 2.1.0: new Cryostat on RHEL 8 container images",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221679 - security advisory"
},
{
"title": "Red Hat: Moderate: security update for rh-sso-7/sso75-openshift-rhel8 container image",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221713 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.7.50 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221699 - security advisory"
},
{
"title": "Ubuntu Security Notice: USN-5546-2: OpenJDK 8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5546-2"
},
{
"title": "Ubuntu Security Notice: USN-5546-1: OpenJDK vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5546-1"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 3.11.705 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222281 - security advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1791",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1791"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1790",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1790"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1778",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1778"
},
{
"title": "Amazon Linux 2: ALAS2CORRETTO8-2022-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2corretto8-2022-002"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222216 - security advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging Security and Bug update Release (5.2.10)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222218 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222217 - security advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-113"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-112"
},
{
"title": "Amazon Linux 2: ALAS2JAVA-OPENJDK11-2022-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2java-openjdk11-2022-002"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221622 - security advisory"
},
{
"title": "Red Hat: Low: Release of OpenShift Serverless Version 1.22.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221747 - security advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1633",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1633"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1631",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1631"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1835",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1835"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-21434"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"trust": 1.2,
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"trust": 1.2,
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-21443"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21443"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-21434"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21496"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-21496"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21434"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21426"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21476"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-21476"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-21426"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0759"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25636"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25636"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4028"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0759"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2022-21434"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5388-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2218"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_windows/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:2270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1677"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5837"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35561"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "VULMON",
"id": "CVE-2022-21434"
},
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "167140"
},
{
"db": "PACKETSTORM",
"id": "167122"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "167385"
},
{
"db": "PACKETSTORM",
"id": "167271"
},
{
"db": "PACKETSTORM",
"id": "167942"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "VULMON",
"id": "CVE-2022-21434"
},
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "167140"
},
{
"db": "PACKETSTORM",
"id": "167122"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "167385"
},
{
"db": "PACKETSTORM",
"id": "167271"
},
{
"db": "PACKETSTORM",
"id": "167942"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-407047"
},
{
"date": "2022-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-21434"
},
{
"date": "2022-04-21T15:09:24",
"db": "PACKETSTORM",
"id": "166800"
},
{
"date": "2022-04-21T15:08:25",
"db": "PACKETSTORM",
"id": "166794"
},
{
"date": "2022-05-12T15:53:27",
"db": "PACKETSTORM",
"id": "167140"
},
{
"date": "2022-05-12T15:38:35",
"db": "PACKETSTORM",
"id": "167122"
},
{
"date": "2022-04-29T12:37:12",
"db": "PACKETSTORM",
"id": "166903"
},
{
"date": "2022-06-03T15:56:14",
"db": "PACKETSTORM",
"id": "167385"
},
{
"date": "2022-05-26T16:32:44",
"db": "PACKETSTORM",
"id": "167271"
},
{
"date": "2022-08-04T14:46:43",
"db": "PACKETSTORM",
"id": "167942"
},
{
"date": "2022-04-19T21:15:15.387000",
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-407047"
},
{
"date": "2023-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-21434"
},
{
"date": "2024-06-21T19:15:22.170000",
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2022-1444-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "166800"
}
],
"trust": 0.1
}
}
var-202004-1137
Vulnerability from variot
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2754, CVE-2020-2755). ========================================================================== Ubuntu Security Notice USN-4337-1 April 22, 2020
openjdk-8, openjdk-lts vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenJDK.
Software Description: - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation
Details:
It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755)
It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. (CVE-2020-2756, CVE-2020-2757)
Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled certificate messages during TLS handshake. An attacker could possibly use this issue to bypass certificate verification and insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2767)
It was discovered that OpenJDK incorrectly handled exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use this issue to cause a denial of service while reading key info or XML signature data from XML input. (CVE-2020-2773)
Peter Dettman discovered that OpenJDK incorrectly handled SSLParameters in setAlgorithmConstraints(). An attacker could possibly use this issue to override the defined systems security policy and lead to the use of weak crypto algorithms that should be disabled. This issue only affected OpenJDK 11. (CVE-2020-2778)
Simone Bordet discovered that OpenJDK incorrectly re-used single null TLS sessions for new TLS connections. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-2781)
Dan Amodio discovered that OpenJDK did not restrict the use of CR and LF characters in values for HTTP headers. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2800)
Nils Emmerich discovered that OpenJDK incorrectly checked boundaries or argument types. An attacker could possibly use this issue to bypass sandbox restrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805)
It was discovered that OpenJDK incorrectly handled application data packets during TLS handshake. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2816)
It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2830)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: openjdk-11-jdk 11.0.7+10-2ubuntu2~19.10 openjdk-11-jre 11.0.7+10-2ubuntu2~19.10 openjdk-11-jre-headless 11.0.7+10-2ubuntu2~19.10 openjdk-11-jre-zero 11.0.7+10-2ubuntu2~19.10 openjdk-8-jdk 8u252-b09-1~19.10 openjdk-8-jre 8u252-b09-1~19.10 openjdk-8-jre-headless 8u252-b09-1~19.10 openjdk-8-jre-zero 8u252-b09-1~19.10
Ubuntu 18.04 LTS: openjdk-11-jdk 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre-headless 11.0.7+10-2ubuntu2~18.04 openjdk-11-jre-zero 11.0.7+10-2ubuntu2~18.04 openjdk-8-jdk 8u252-b09-1~18.04 openjdk-8-jre 8u252-b09-1~18.04 openjdk-8-jre-headless 8u252-b09-1~18.04 openjdk-8-jre-zero 8u252-b09-1~18.04
Ubuntu 16.04 LTS: openjdk-8-jdk 8u252-b09-1~16.04 openjdk-8-jre 8u252-b09-1~16.04 openjdk-8-jre-headless 8u252-b09-1~16.04 openjdk-8-jre-jamvm 8u252-b09-1~16.04 openjdk-8-jre-zero 8u252-b09-1~16.04
This update uses a new upstream release, which includes additional bug fixes. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64
-
8.0) - aarch64, ppc64le, s390x, x86_64
-
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
- operator-framework/presto: /etc/passwd was given incorrect privileges (CVE-2019-19352)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.4 see the following documentation, which will be updated shortly for release 4.4.3, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1793281 - CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges
-
7) - x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: RHSA-2020:1512-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1512 Issue date: 2020-04-21 CVE Names: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 =====================================================================
- Summary:
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
-
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)
-
OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)
-
OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)
-
OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)
-
OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)
-
OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)
-
OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)
-
OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)
-
OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)
-
OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1823199 - CVE-2020-2754 OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) 1823200 - CVE-2020-2755 OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) 1823215 - CVE-2020-2756 OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) 1823216 - CVE-2020-2757 OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) 1823224 - CVE-2020-2773 OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) 1823527 - CVE-2020-2800 OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) 1823542 - CVE-2020-2830 OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) 1823694 - CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) 1823844 - CVE-2020-2805 OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) 1823960 - CVE-2020-2781 OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
ppc64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64.rpm
ppc64le: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64le.rpm
s390x: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.s390x.rpm
x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
ppc64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64.rpm
ppc64le: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64le.rpm
s390x: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.s390x.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.s390x.rpm
x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm
x86_64: java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm
x86_64: java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-2754 https://access.redhat.com/security/cve/CVE-2020-2755 https://access.redhat.com/security/cve/CVE-2020-2756 https://access.redhat.com/security/cve/CVE-2020-2757 https://access.redhat.com/security/cve/CVE-2020-2773 https://access.redhat.com/security/cve/CVE-2020-2781 https://access.redhat.com/security/cve/CVE-2020-2800 https://access.redhat.com/security/cve/CVE-2020-2803 https://access.redhat.com/security/cve/CVE-2020-2805 https://access.redhat.com/security/cve/CVE-2020-2830 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXp7Zs9zjgjWX9erEAQijNg//Wv9fjFvkxHC42Hd5YcN8qnGcf6gdOYDW pAv6Tv6q9pstko1bcUZYa0V01XejJYe/5uAADu3QGe1aMihI0VMjXrlFULW1laNS QTRtsnzTac5Gm3cJZKDXIv1ITI+fgGBWOvwN9lketAQtO5su+JbPTPQ4S0rBy55D gAVa8RVPi6qQt85HmXDrrpaAI2N8EFVkJBpC9ZRRFtI5wTv//bVx29Qw/sthlN3N qXwO8KZI44Xbe+vb6QpGcNkly+Dh7CdeVFV1OVkqx8eOVA8Cj45NAeBgP1W8n2VQ zt0GiKCbrV49e2AsBgmK49/J3N2L9xalsHSn54+6N02rcjf4dseV5flz5/unSIDc gPqFCTRbGZcIdjFbilvsklGBVfBzXjw5SjUemMKYggXa+6L74O+kuH4TRZRXhmEX 70Kvn1w0ta8P1bxK0A6BM6ZnDo5f7jVIQipk2M/hw6SDzu7ZA5zbDRCg419AZ8qc syuuHWmdfpRRj0XlUw5eBfBUq8UL+huEfRvu85zBhvhTw/Pyu+T0nQ7iofSyqvob 2LlLyPV14RBOzGIWLqrt2tGBUYanKULxIdT+VtSu4gyuloGc84onSLTqU0Ucbc85 nxpY6nc9GxOYWCMDITnr4xiRXQuUuE5V4UVwsFlr+xsEYcsAXdPLzyXzw8S8sL+Z yPjQbJvoqgE= =5P5C -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4662-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 24, 2020 https://www.debian.org/security/faq
Package : openjdk-11 CVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.
For the stable distribution (buster), these problems have been fixed in version 11.0.7+10-3~deb10u1.
We recommend that you upgrade your openjdk-11 packages.
For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIyBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6i4QkACgkQEMKTtsN8 TjYOlg/3ZpduOWklosp1sS0za11zUYZHlql01d75lk2HS/u5sEVUNPyVcZ2iC8Bk zVBfqdJmfoODThzMVws1f9BhTvdaigPd+6stG3eVcU7kHS3IEpSAglKRK9220jDQ Euz2CXHV2trngO9C6oEg6OOB2wguKyeFT7VlMazyznmesIUr+BnmTpm/t97QOAhj +OyeXm3YdI7B8idZUNnUS42SKei+vaj1b/Dwi7Bv5YZUgIDAy8J6lRxUYi3EA/MT Lux7auJiMw9cIx5xqiIIW+3JmLrxXZQdvxWRsZtl5ATNwMf/PDjroWGj1eIRIa66 70dJ4FoY/yHdc4wnadBJKhWUgZbGDpVyclzRx8DBlqYxmJx0BVu10he1j8fMJnp1 72A/gHVtcHDuCLpskgYiJeUqkPq/nMEt85Q2NpnW61sGFJedGIQeAMGKLPsLCmz4 U8L2CaTvtnBFNN82P50rDCuFwKChOJ5OqKuZCBwX6hhJQqgPsSGE7wdUep0UFbm0 9qyEZ+Ph7v42+JcnP3O/Ow9i2Q+rkHcCu//jp+TaeyjZEaIurAAlMz9YN8Tp665n lXe0nmWPkY+oCDoEglH5GaLkft0lEOT8idGp3ccBhHsQGhyJAq2z0b9OBTUgidjY 99udJWsH8naHMBZL5aHmByQ/73mL/MB+oMRv15ypVrnL2B3KVQ== =/qDT -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1137",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openjdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "e-series santricity web services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openjdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.6"
},
{
"model": "openjdk",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"model": "openjdk",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13"
},
{
"model": "storagegrid",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.6"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "threat intelligence exchange server",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.3.1"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openjdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0.2"
},
{
"model": "plug-in for symantec netbackup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.60.1"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "3.0.0"
},
{
"model": "openjdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14"
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"model": "santricity unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "storagegrid",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.4"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "threat intelligence exchange server",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.0.0"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.3.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openjdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update_251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update_241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.0.6",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0.2",
"versionStartIncluding": "13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.60.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
}
],
"trust": 0.8
},
"cve": "CVE-2020-2830",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-2830",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.1,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-2830",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-2830",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-2830",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). \n(CVE-2020-2754, CVE-2020-2755). ==========================================================================\nUbuntu Security Notice USN-4337-1\nApril 22, 2020\n\nopenjdk-8, openjdk-lts vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK. \n\nSoftware Description:\n- openjdk-8: Open Source Java implementation\n- openjdk-lts: Open Source Java implementation\n\nDetails:\n\nIt was discovered that OpenJDK incorrectly handled certain regular\nexpressions. An attacker could possibly use this issue to cause a denial of\nservice while processing a specially crafted regular expression. \n(CVE-2020-2754, CVE-2020-2755)\n\nIt was discovered that OpenJDK incorrectly handled class descriptors and\ncatching exceptions during object stream deserialization. An attacker could\npossibly use this issue to cause a denial of service while processing a\nspecially crafted serialized input. (CVE-2020-2756, CVE-2020-2757)\n\nBengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and\nRobert Merget discovered that OpenJDK incorrectly handled certificate messages\nduring TLS handshake. An attacker could possibly use this issue to bypass\ncertificate verification and insert, edit or obtain sensitive information. This\nissue only affected OpenJDK 11. (CVE-2020-2767)\n\nIt was discovered that OpenJDK incorrectly handled exceptions thrown by\nunmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use\nthis issue to cause a denial of service while reading key info or XML signature\ndata from XML input. (CVE-2020-2773)\n\nPeter Dettman discovered that OpenJDK incorrectly handled SSLParameters in\nsetAlgorithmConstraints(). An attacker could possibly use this issue to\noverride the defined systems security policy and lead to the use of weak\ncrypto algorithms that should be disabled. This issue only affected\nOpenJDK 11. (CVE-2020-2778)\n\nSimone Bordet discovered that OpenJDK incorrectly re-used single null TLS\nsessions for new TLS connections. A remote attacker could possibly use this\nissue to cause a denial of service. (CVE-2020-2781)\n\nDan Amodio discovered that OpenJDK did not restrict the use of CR and LF\ncharacters in values for HTTP headers. An attacker could possibly use this\nissue to insert, edit or obtain sensitive information. (CVE-2020-2800)\n\nNils Emmerich discovered that OpenJDK incorrectly checked boundaries or\nargument types. An attacker could possibly use this issue to bypass sandbox\nrestrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805)\n\nIt was discovered that OpenJDK incorrectly handled application data packets\nduring TLS handshake. An attacker could possibly use this issue to insert,\nedit or obtain sensitive information. This issue only affected OpenJDK 11. \n(CVE-2020-2816)\n\nIt was discovered that OpenJDK incorrectly handled certain regular\nexpressions. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2020-2830)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.10:\n openjdk-11-jdk 11.0.7+10-2ubuntu2~19.10\n openjdk-11-jre 11.0.7+10-2ubuntu2~19.10\n openjdk-11-jre-headless 11.0.7+10-2ubuntu2~19.10\n openjdk-11-jre-zero 11.0.7+10-2ubuntu2~19.10\n openjdk-8-jdk 8u252-b09-1~19.10\n openjdk-8-jre 8u252-b09-1~19.10\n openjdk-8-jre-headless 8u252-b09-1~19.10\n openjdk-8-jre-zero 8u252-b09-1~19.10\n\nUbuntu 18.04 LTS:\n openjdk-11-jdk 11.0.7+10-2ubuntu2~18.04\n openjdk-11-jre 11.0.7+10-2ubuntu2~18.04\n openjdk-11-jre-headless 11.0.7+10-2ubuntu2~18.04\n openjdk-11-jre-zero 11.0.7+10-2ubuntu2~18.04\n openjdk-8-jdk 8u252-b09-1~18.04\n openjdk-8-jre 8u252-b09-1~18.04\n openjdk-8-jre-headless 8u252-b09-1~18.04\n openjdk-8-jre-zero 8u252-b09-1~18.04\n\nUbuntu 16.04 LTS:\n openjdk-8-jdk 8u252-b09-1~16.04\n openjdk-8-jre 8u252-b09-1~16.04\n openjdk-8-jre-headless 8u252-b09-1~16.04\n openjdk-8-jre-jamvm 8u252-b09-1~16.04\n openjdk-8-jre-zero 8u252-b09-1~16.04\n\nThis update uses a new upstream release, which includes additional bug\nfixes. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. 8.0) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* operator-framework/presto: /etc/passwd was given incorrect privileges\n(CVE-2019-19352)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for release 4.4.3, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1793281 - CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges\n\n5. 7) - x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: java-1.8.0-openjdk security update\nAdvisory ID: RHSA-2020:1512-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1512\nIssue date: 2020-04-21\nCVE Names: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 \n CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 \n CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 \n CVE-2020-2830 \n=====================================================================\n\n1. Summary:\n\nAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise\nLinux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit. \n\nSecurity Fix(es):\n\n* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)\n(CVE-2020-2803)\n\n* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries,\n8235274) (CVE-2020-2805)\n\n* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and\nDOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)\n\n* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)\n(CVE-2020-2781)\n\n* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP\nServer, 8234825) (CVE-2020-2800)\n\n* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)\n(CVE-2020-2830)\n\n* OpenJDK: Misplaced regular expression syntax error check in RegExpScanner\n(Scripting, 8223898) (CVE-2020-2754)\n\n* OpenJDK: Incorrect handling of empty string nodes in regular expression\nParser (Scripting, 8223904) (CVE-2020-2755)\n\n* OpenJDK: Incorrect handling of references to uninitialized class\ndescriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)\n\n* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass\n(Serialization, 8224549) (CVE-2020-2757)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of OpenJDK Java must be restarted for this update to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1823199 - CVE-2020-2754 OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)\n1823200 - CVE-2020-2755 OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)\n1823215 - CVE-2020-2756 OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541)\n1823216 - CVE-2020-2757 OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)\n1823224 - CVE-2020-2773 OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)\n1823527 - CVE-2020-2800 OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)\n1823542 - CVE-2020-2830 OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)\n1823694 - CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)\n1823844 - CVE-2020-2805 OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274)\n1823960 - CVE-2020-2781 OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm\n\nx86_64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\njava-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm\njava-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm\n\nx86_64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm\n\nx86_64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\njava-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm\njava-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm\n\nx86_64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm\n\nppc64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64.rpm\n\nppc64le:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.ppc64le.rpm\n\ns390x:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.s390x.rpm\n\nx86_64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\njava-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm\njava-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm\n\nppc64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64.rpm\n\nppc64le:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.ppc64le.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.ppc64le.rpm\n\ns390x:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.s390x.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.s390x.rpm\n\nx86_64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.src.rpm\n\nx86_64:\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\njava-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8.noarch.rpm\njava-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8.noarch.rpm\n\nx86_64:\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8.x86_64.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.i686.rpm\njava-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-2754\nhttps://access.redhat.com/security/cve/CVE-2020-2755\nhttps://access.redhat.com/security/cve/CVE-2020-2756\nhttps://access.redhat.com/security/cve/CVE-2020-2757\nhttps://access.redhat.com/security/cve/CVE-2020-2773\nhttps://access.redhat.com/security/cve/CVE-2020-2781\nhttps://access.redhat.com/security/cve/CVE-2020-2800\nhttps://access.redhat.com/security/cve/CVE-2020-2803\nhttps://access.redhat.com/security/cve/CVE-2020-2805\nhttps://access.redhat.com/security/cve/CVE-2020-2830\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7Zs9zjgjWX9erEAQijNg//Wv9fjFvkxHC42Hd5YcN8qnGcf6gdOYDW\npAv6Tv6q9pstko1bcUZYa0V01XejJYe/5uAADu3QGe1aMihI0VMjXrlFULW1laNS\nQTRtsnzTac5Gm3cJZKDXIv1ITI+fgGBWOvwN9lketAQtO5su+JbPTPQ4S0rBy55D\ngAVa8RVPi6qQt85HmXDrrpaAI2N8EFVkJBpC9ZRRFtI5wTv//bVx29Qw/sthlN3N\nqXwO8KZI44Xbe+vb6QpGcNkly+Dh7CdeVFV1OVkqx8eOVA8Cj45NAeBgP1W8n2VQ\nzt0GiKCbrV49e2AsBgmK49/J3N2L9xalsHSn54+6N02rcjf4dseV5flz5/unSIDc\ngPqFCTRbGZcIdjFbilvsklGBVfBzXjw5SjUemMKYggXa+6L74O+kuH4TRZRXhmEX\n70Kvn1w0ta8P1bxK0A6BM6ZnDo5f7jVIQipk2M/hw6SDzu7ZA5zbDRCg419AZ8qc\nsyuuHWmdfpRRj0XlUw5eBfBUq8UL+huEfRvu85zBhvhTw/Pyu+T0nQ7iofSyqvob\n2LlLyPV14RBOzGIWLqrt2tGBUYanKULxIdT+VtSu4gyuloGc84onSLTqU0Ucbc85\nnxpY6nc9GxOYWCMDITnr4xiRXQuUuE5V4UVwsFlr+xsEYcsAXdPLzyXzw8S8sL+Z\nyPjQbJvoqgE=\n=5P5C\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4662-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-11\nCVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 \n CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 \n CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 \n CVE-2020-2830\n\nSeveral vulnerabilities have been discovered in the OpenJDK Java\nruntime, resulting in denial of service, insecure TLS handshakes, bypass\nof sandbox restrictions or HTTP response splitting attacks. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 11.0.7+10-3~deb10u1. \n\nWe recommend that you upgrade your openjdk-11 packages. \n\nFor the detailed security status of openjdk-11 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjdk-11\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIyBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6i4QkACgkQEMKTtsN8\nTjYOlg/3ZpduOWklosp1sS0za11zUYZHlql01d75lk2HS/u5sEVUNPyVcZ2iC8Bk\nzVBfqdJmfoODThzMVws1f9BhTvdaigPd+6stG3eVcU7kHS3IEpSAglKRK9220jDQ\nEuz2CXHV2trngO9C6oEg6OOB2wguKyeFT7VlMazyznmesIUr+BnmTpm/t97QOAhj\n+OyeXm3YdI7B8idZUNnUS42SKei+vaj1b/Dwi7Bv5YZUgIDAy8J6lRxUYi3EA/MT\nLux7auJiMw9cIx5xqiIIW+3JmLrxXZQdvxWRsZtl5ATNwMf/PDjroWGj1eIRIa66\n70dJ4FoY/yHdc4wnadBJKhWUgZbGDpVyclzRx8DBlqYxmJx0BVu10he1j8fMJnp1\n72A/gHVtcHDuCLpskgYiJeUqkPq/nMEt85Q2NpnW61sGFJedGIQeAMGKLPsLCmz4\nU8L2CaTvtnBFNN82P50rDCuFwKChOJ5OqKuZCBwX6hhJQqgPsSGE7wdUep0UFbm0\n9qyEZ+Ph7v42+JcnP3O/Ow9i2Q+rkHcCu//jp+TaeyjZEaIurAAlMz9YN8Tp665n\nlXe0nmWPkY+oCDoEglH5GaLkft0lEOT8idGp3ccBhHsQGhyJAq2z0b9OBTUgidjY\n99udJWsH8naHMBZL5aHmByQ/73mL/MB+oMRv15ypVrnL2B3KVQ==\n=/qDT\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2830"
},
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "PACKETSTORM",
"id": "157363"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
},
{
"db": "PACKETSTORM",
"id": "168805"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-2830",
"trust": 2.1
},
{
"db": "MCAFEE",
"id": "SB10318",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2020-2830",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157363",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157350",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157351",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157349",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157550",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157777",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157319",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157778",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168805",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "PACKETSTORM",
"id": "157363"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
},
{
"db": "PACKETSTORM",
"id": "168805"
},
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"id": "VAR-202004-1137",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27142859
},
"last_update_date": "2023-11-07T21:49:03.694000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Important: java-1.7.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201508 - security advisory"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202238 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201515 - security advisory"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202236 - security advisory"
},
{
"title": "Red Hat: Important: java-1.7.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201507 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202239 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201512 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201516 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201506 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202241 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202237 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201514 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201517 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201509 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.4.3 hadoop-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201938 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.4.3 presto-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201942 - security advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-8, openjdk-lts vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4337-1"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1365",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1365"
},
{
"title": "Amazon Linux AMI: ALAS-2023-1809",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2023-1809"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1424",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1424"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1421",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1421"
},
{
"title": "Debian Security Advisories: DSA-4662-1 openjdk-11 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=fcc7953c1496c4d2bf29bdda0aeb34d3"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1410",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1410"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-111"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-108"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in OpenJDK version 11 affect IBM InfoSphere Information Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=04093f22959e96a7bb3ed8715aa18c0e"
},
{
"title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/4337-1/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2020/dsa-4662"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7vhc4ew36kzeidq56rpcwbzcqelffkn/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ckav6kffaeanxan73aftgu7z6ynrwcxq/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nyhhhzrhxcbgrhge5up7ueb4iz2qx536/"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202006-22"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
},
{
"trust": 1.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10318"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2830"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2781"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2800"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2754"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2757"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2805"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2756"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2803"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2773"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2757"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2805"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2755"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2830"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2800"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2756"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2781"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-2803"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-2754"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-2755"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-2773"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2778"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2767"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2816"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.4/updating/updating-cluster"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2654"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2654"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1508"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.7+10-2ubuntu2~18.04"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~19.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~16.04"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4337-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.7+10-2ubuntu2~19.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-8/8u252-b09-1~18.04"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2767"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19352"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2237"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openjdk-11"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "PACKETSTORM",
"id": "157363"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
},
{
"db": "PACKETSTORM",
"id": "168805"
},
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"db": "PACKETSTORM",
"id": "157363"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157349"
},
{
"db": "PACKETSTORM",
"id": "157550"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157777"
},
{
"db": "PACKETSTORM",
"id": "157319"
},
{
"db": "PACKETSTORM",
"id": "157778"
},
{
"db": "PACKETSTORM",
"id": "168805"
},
{
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"date": "2020-04-23T19:25:55",
"db": "PACKETSTORM",
"id": "157363"
},
{
"date": "2020-04-22T15:11:05",
"db": "PACKETSTORM",
"id": "157350"
},
{
"date": "2020-04-22T15:11:12",
"db": "PACKETSTORM",
"id": "157351"
},
{
"date": "2020-04-22T15:10:56",
"db": "PACKETSTORM",
"id": "157349"
},
{
"date": "2020-05-04T17:29:03",
"db": "PACKETSTORM",
"id": "157550"
},
{
"date": "2020-05-04T17:28:54",
"db": "PACKETSTORM",
"id": "157549"
},
{
"date": "2020-05-20T15:59:55",
"db": "PACKETSTORM",
"id": "157777"
},
{
"date": "2020-04-21T14:17:02",
"db": "PACKETSTORM",
"id": "157319"
},
{
"date": "2020-05-20T16:01:07",
"db": "PACKETSTORM",
"id": "157778"
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168805"
},
{
"date": "2020-04-15T14:15:00",
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-2830"
},
{
"date": "2022-06-30T20:07:00",
"db": "NVD",
"id": "CVE-2020-2830"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu Security Notice USN-4337-1",
"sources": [
{
"db": "PACKETSTORM",
"id": "157363"
}
],
"trust": 0.1
}
}
var-202204-0593
Vulnerability from variot
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 8.1) - aarch64, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: java-11-openjdk security, bug fix, and enhancement update Advisory ID: RHSA-2022:1440-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1440 Issue date: 2022-04-20 CVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 ==================================================================== 1. Summary:
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.15.0.9). (BZ#2047531)
Security Fix(es):
-
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
-
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
-
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
-
OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
-
OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of OpenJDK Java must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2047531 - Prepare for the next quarterly OpenJDK upstream release (2022-04, 11.0.15) [rhel-7] 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
ppc64: java-11-openjdk-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64.rpm
ppc64le: java-11-openjdk-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64le.rpm
s390x: java-11-openjdk-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.s390x.rpm
x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64.rpm
ppc64le: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64le.rpm
s390x: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.s390x.rpm
x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm
x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYmAx+NzjgjWX9erEAQjH/Q/+LWdIlvKxvVPZ5cWaFA2ZTaQrMfJiad6H 3lauUSupgikqAiHVhFviBTMlNpLg38lrt2gMgjDFodSi9SEUT9qp0ig1bC9FBqGt XifysNiTI6pJCIZiQDUlIsguakgJYv8oiuAPfBYZafV5LrVbgQXRBSlybpghXd87 21DymPq84hWR32lFNgQscDUI5MBmmMjn69Ta3iiKi51q5apNAggAyW6XzsA3JJQL M3/j0i1HcY4ONTip0M0lWxfneS/JTm6PO3NODBlIbHIBjMH2Ve6hBAdv2k67VgAm MGzhhwufwvbtq1WGvXZCxLCsRL092PSSoar3Mu3bnT7Aop2iQf28D9Fivk+IS2Ra n6/+Q6qwvonIbhMKg1DoPITivbbJyZJ47LRq7uc5zhx62z5ipVhx0PJU0UhGifRX ZHtOeLAWh+yob2cOs/5U2lydQ5whdJVeWWI8uC7jW+4N21OEVtpPU4yZezB5YTPl N4549Z8EcOOAOr4EM0v74Kv9Frrw6LoVKcC9nhCc/jLTlchYCl7p5LcQs+4xSkNO 12mg+dQAibL4txGMGkJVJBc0jIhN8CWuLPORnvjbfAQ9D6/esWGNBMrZZmbbqn5y 5d2CgprQx3Rk+4kI66emdZClZYB4P6tykCpPlFAVNtHbGcHFDHLBtchu5unRBbyw gxhzoRdL38A=hHHS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For further information, refer to the release notes linked to in the References section. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For the oldstable distribution (buster), this problem has been fixed in version 11.0.15+10-1~deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 11.0.15+10-1~deb11u1.
We recommend that you upgrade your openjdk-11 packages.
For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AUACgkQEMKTtsN8 TjYPqQ//acxZ7tw58VvpicLhG3iTGRpUcVEVZwCcs1EGSs5sBAT20Q/rvZNc932o //8ipzrsv1pZX4txFzDi9gI279f27RTIhb+vJCWblPoRt7rXVkB7N5TR0UT4IurP ZCDcKF0PaStHPPrD7ZvVVUSQU09cDvHb0ibNnuXguOLCji9sIaPoubIAJ+NAkMIM 54inl1f4FQSwf1yqvZbjlnSvsDmBQ7nGE//yyajhN+JY29SkZdseLRgkAtGsG9+G 8XshJHdAGSuIeCUpJzbcYFdeikwXzQNP0DhvBGyClNmYUS/C4w9KCo8ab6L1rWhQ vnVDIAdX4zH+GTxtZ7xuelNvYUwiTW4DhYHtEoU8UvrhzJJ0ZtidAdEhoLlxJkdK e767zzyHFx9qbd5UFgwn8XMoJKlkkJtThTARypBcbN7mq9j7bxGV0JGTm1K76KJp j2lIau4swGGkFWD2kTLVO5O/chj5l4gsxX2Mi9ipLiBeD2TVTwY/MV1iX5q4EVMg 3Kt4ZSw2AxgwCPzaaSTBpkRcwJyspsAzIQfkmhnJ170v9iUsf5hg3oJV+Mhxqm/F znuzj1FKQ++A50O+6fGPA48T2DRATM7BMGBbjzWjRJ7KEptHEFnBGdkCU33I0YSm MIYXEATq5Z7D5g5SX2WZLOReTr7Y/PLCd6FRZGcFvbs5zjcKSGM= =Ysyl -----END PGP SIGNATURE----- . Summary:
Security updated rh-sso-7/sso75-openshift-rhel8 container image is now available for RHEL-8 based Middleware Containers. Description:
The rh-sso-7/sso75-openshift-rhel8 container image has been updated for RHEL-8 based Middleware Containers to include the following security issues.
Users of rh-sso-7/sso75-openshift-rhel8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References). Solution:
The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
2071036 - CVE-2022-1245 keycloak: Privilege escalation vulnerability on Token Exchange
-
To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
-
Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty 2081642 - Placeholder bug for OCP 4.7.0 extras release
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0593",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "18.28"
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.70.1"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "13.46"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "cloud insights acquisition unit",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.14"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "17.32"
},
{
"model": "cloud secure agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "15.38"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "11.54"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.14"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.3.1"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.0.0.2"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.2"
},
{
"model": "e-series santricity storage manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "e-series santricity web services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "7.52"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.2"
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.5"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "6.45"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "8.60"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "santricity unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:17.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:11.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update331:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update321:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update331:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update321:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "166967"
},
{
"db": "PACKETSTORM",
"id": "167164"
},
{
"db": "PACKETSTORM",
"id": "167327"
}
],
"trust": 0.6
},
"cve": "CVE-2022-21426",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-407039",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert_us@oracle.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-21426",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secalert_us@oracle.com",
"id": "CVE-2022-21426",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3780",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-407039",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3780"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 8.1) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: java-11-openjdk security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1440-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1440\nIssue date: 2022-04-20\nCVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443\n CVE-2022-21476 CVE-2022-21496\n====================================================================\n1. Summary:\n\nAn update for java-11-openjdk is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe java-11-openjdk packages provide the OpenJDK 11 Java Runtime\nEnvironment and the OpenJDK 11 Java Software Development Kit. \n\nThe following packages have been upgraded to a later upstream version:\njava-11-openjdk (11.0.15.0.9). (BZ#2047531)\n\nSecurity Fix(es):\n\n* OpenJDK: Defective secure validation in Apache Santuario (Libraries,\n8278008) (CVE-2022-21476)\n\n* OpenJDK: Unbounded memory allocation when compiling crafted XPath\nexpressions (JAXP, 8270504) (CVE-2022-21426)\n\n* OpenJDK: Improper object-to-string conversion in\nAnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)\n\n* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)\n(CVE-2022-21443)\n\n* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of OpenJDK Java must be restarted for this update to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2047531 - Prepare for the next quarterly OpenJDK upstream release (2022-04, 11.0.15) [rhel-7]\n2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)\n2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)\n2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)\n2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)\n2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\njava-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm\n\nx86_64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\njava-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm\n\nx86_64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm\n\nppc64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64.rpm\n\nppc64le:\njava-11-openjdk-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64le.rpm\n\ns390x:\njava-11-openjdk-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.s390x.rpm\n\nx86_64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64.rpm\n\nppc64le:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64le.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64le.rpm\n\ns390x:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.s390x.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.s390x.rpm\n\nx86_64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\njava-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm\n\nx86_64:\njava-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm\njava-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-21426\nhttps://access.redhat.com/security/cve/CVE-2022-21434\nhttps://access.redhat.com/security/cve/CVE-2022-21443\nhttps://access.redhat.com/security/cve/CVE-2022-21476\nhttps://access.redhat.com/security/cve/CVE-2022-21496\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYmAx+NzjgjWX9erEAQjH/Q/+LWdIlvKxvVPZ5cWaFA2ZTaQrMfJiad6H\n3lauUSupgikqAiHVhFviBTMlNpLg38lrt2gMgjDFodSi9SEUT9qp0ig1bC9FBqGt\nXifysNiTI6pJCIZiQDUlIsguakgJYv8oiuAPfBYZafV5LrVbgQXRBSlybpghXd87\n21DymPq84hWR32lFNgQscDUI5MBmmMjn69Ta3iiKi51q5apNAggAyW6XzsA3JJQL\nM3/j0i1HcY4ONTip0M0lWxfneS/JTm6PO3NODBlIbHIBjMH2Ve6hBAdv2k67VgAm\nMGzhhwufwvbtq1WGvXZCxLCsRL092PSSoar3Mu3bnT7Aop2iQf28D9Fivk+IS2Ra\nn6/+Q6qwvonIbhMKg1DoPITivbbJyZJ47LRq7uc5zhx62z5ipVhx0PJU0UhGifRX\nZHtOeLAWh+yob2cOs/5U2lydQ5whdJVeWWI8uC7jW+4N21OEVtpPU4yZezB5YTPl\nN4549Z8EcOOAOr4EM0v74Kv9Frrw6LoVKcC9nhCc/jLTlchYCl7p5LcQs+4xSkNO\n12mg+dQAibL4txGMGkJVJBc0jIhN8CWuLPORnvjbfAQ9D6/esWGNBMrZZmbbqn5y\n5d2CgprQx3Rk+4kI66emdZClZYB4P6tykCpPlFAVNtHbGcHFDHLBtchu5unRBbyw\ngxhzoRdL38A=hHHS\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. For further information, refer to\nthe release notes linked to in the References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 11.0.15+10-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 11.0.15+10-1~deb11u1. \n\nWe recommend that you upgrade your openjdk-11 packages. \n\nFor the detailed security status of openjdk-11 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjdk-11\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AUACgkQEMKTtsN8\nTjYPqQ//acxZ7tw58VvpicLhG3iTGRpUcVEVZwCcs1EGSs5sBAT20Q/rvZNc932o\n//8ipzrsv1pZX4txFzDi9gI279f27RTIhb+vJCWblPoRt7rXVkB7N5TR0UT4IurP\nZCDcKF0PaStHPPrD7ZvVVUSQU09cDvHb0ibNnuXguOLCji9sIaPoubIAJ+NAkMIM\n54inl1f4FQSwf1yqvZbjlnSvsDmBQ7nGE//yyajhN+JY29SkZdseLRgkAtGsG9+G\n8XshJHdAGSuIeCUpJzbcYFdeikwXzQNP0DhvBGyClNmYUS/C4w9KCo8ab6L1rWhQ\nvnVDIAdX4zH+GTxtZ7xuelNvYUwiTW4DhYHtEoU8UvrhzJJ0ZtidAdEhoLlxJkdK\ne767zzyHFx9qbd5UFgwn8XMoJKlkkJtThTARypBcbN7mq9j7bxGV0JGTm1K76KJp\nj2lIau4swGGkFWD2kTLVO5O/chj5l4gsxX2Mi9ipLiBeD2TVTwY/MV1iX5q4EVMg\n3Kt4ZSw2AxgwCPzaaSTBpkRcwJyspsAzIQfkmhnJ170v9iUsf5hg3oJV+Mhxqm/F\nznuzj1FKQ++A50O+6fGPA48T2DRATM7BMGBbjzWjRJ7KEptHEFnBGdkCU33I0YSm\nMIYXEATq5Z7D5g5SX2WZLOReTr7Y/PLCd6FRZGcFvbs5zjcKSGM=\n=Ysyl\n-----END PGP SIGNATURE-----\n. Summary:\n\nSecurity updated rh-sso-7/sso75-openshift-rhel8 container image is now\navailable for RHEL-8 based Middleware Containers. Description:\n\nThe rh-sso-7/sso75-openshift-rhel8 container image has been updated for\nRHEL-8 based Middleware Containers to include the following security\nissues. \n\nUsers of rh-sso-7/sso75-openshift-rhel8 container images are advised to\nupgrade to these updated images, which contain backported patches to\ncorrect these security issues, fix these bugs and add these enhancements. \nUsers of these images are also encouraged to rebuild all container images\nthat depend on these images. \n\nYou can find images updated by this advisory in Red Hat Container Catalog\n(see References). Solution:\n\nThe RHEL-8 based Middleware Containers container image provided by this\nupdate can be downloaded from the Red Hat Container Registry at\nregistry.access.redhat.com. Installation instructions for your platform are\navailable at Red Hat Container Catalog (see References). \n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n2071036 - CVE-2022-1245 keycloak: Privilege escalation vulnerability on Token Exchange\n\n5. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty\n2081642 - Placeholder bug for OCP 4.7.0 extras release\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21426"
},
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "169366"
},
{
"db": "PACKETSTORM",
"id": "166967"
},
{
"db": "PACKETSTORM",
"id": "167164"
},
{
"db": "PACKETSTORM",
"id": "167327"
},
{
"db": "PACKETSTORM",
"id": "169256"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21426",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "167327",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166967",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167164",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167385",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167008",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167980",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167088",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167142",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167271",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167979",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166954",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166804",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166835",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042559",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042105",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042620",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051325",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041944",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071332",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072540",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051742",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042139",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051235",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050504",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050424",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022053122",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2373",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3865",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2360",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1808",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2180",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3583",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3440",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1840",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3780",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3780",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167378",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167140",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-407039",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166800",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166794",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166903",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169366",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169256",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "169366"
},
{
"db": "PACKETSTORM",
"id": "166967"
},
{
"db": "PACKETSTORM",
"id": "167164"
},
{
"db": "PACKETSTORM",
"id": "167327"
},
{
"db": "PACKETSTORM",
"id": "169256"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3780"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"id": "VAR-202204-0593",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-407039"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:51:10.729000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Java SE Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=190896"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3780"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21426"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21426"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21443"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21476"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21496"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21434"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-21443"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-21434"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-21476"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-21496"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050504"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3780"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166835/ubuntu-security-notice-usn-5388-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042620"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042105"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041944"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167980/ubuntu-security-notice-usn-5546-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166804/red-hat-security-advisory-2022-1443-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1808"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070707"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167088/red-hat-security-advisory-2022-1679-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022053122"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-21426/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2373"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3440"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3583"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051742"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167271/red-hat-security-advisory-2022-2272-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051325"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3865"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071332"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1840"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167142/red-hat-security-advisory-2022-2216-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166967/red-hat-security-advisory-2022-1713-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2180"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072540"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167327/red-hat-security-advisory-2022-2281-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167164/red-hat-security-advisory-2022-1699-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042559"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042139"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-java-vulnerabilities-of-april-2022-38106"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2360"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167385/red-hat-security-advisory-2022-1729-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167979/ubuntu-security-notice-usn-5546-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051235"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050424"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21449"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1245"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_windows/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1492"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openjdk-11"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/containers/?tab=images#/registry.access.redhat.com/rh-sso-7/sso75-openshift-rhel8"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1713"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4083"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:1698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4083"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24769"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1699"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29599"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp-3-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2281"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/upgrading/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2280"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29036"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29036"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openjdk-17"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "169366"
},
{
"db": "PACKETSTORM",
"id": "166967"
},
{
"db": "PACKETSTORM",
"id": "167164"
},
{
"db": "PACKETSTORM",
"id": "167327"
},
{
"db": "PACKETSTORM",
"id": "169256"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3780"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "PACKETSTORM",
"id": "166800"
},
{
"db": "PACKETSTORM",
"id": "166794"
},
{
"db": "PACKETSTORM",
"id": "166903"
},
{
"db": "PACKETSTORM",
"id": "169366"
},
{
"db": "PACKETSTORM",
"id": "166967"
},
{
"db": "PACKETSTORM",
"id": "167164"
},
{
"db": "PACKETSTORM",
"id": "167327"
},
{
"db": "PACKETSTORM",
"id": "169256"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3780"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-407039"
},
{
"date": "2022-04-21T15:09:24",
"db": "PACKETSTORM",
"id": "166800"
},
{
"date": "2022-04-21T15:08:25",
"db": "PACKETSTORM",
"id": "166794"
},
{
"date": "2022-04-29T12:37:12",
"db": "PACKETSTORM",
"id": "166903"
},
{
"date": "2022-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169366"
},
{
"date": "2022-05-05T17:31:42",
"db": "PACKETSTORM",
"id": "166967"
},
{
"date": "2022-05-13T16:05:21",
"db": "PACKETSTORM",
"id": "167164"
},
{
"date": "2022-05-31T17:24:16",
"db": "PACKETSTORM",
"id": "167327"
},
{
"date": "2022-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169256"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3780"
},
{
"date": "2022-04-19T21:15:15.157000",
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-407039"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3780"
},
{
"date": "2023-04-27T17:53:04.237000",
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3780"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Java SE Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3780"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3780"
}
],
"trust": 0.6
}
}
var-202305-1789
Vulnerability from variot
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. Apache Commons FileUpload 1.5 in versions earlier than 1 Do not limit the number of files that can be uploaded in a request, resulting in a denial of service ( DoS ) vulnerability ( CVE-2023-24998 , CVE-2023-28709 ) exists. Apache Tomcat The file upload function of Apache Commons FileUpload Since it employs a copy of the package and likewise has no file limit, it may be affected by this vulnerability.Malicious uploads by a third party and denial of service (DoS) You may be attacked. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-37
https://security.gentoo.org/
Severity: Low Title: Apache Tomcat: Multiple Vulnerabilities Date: May 30, 2023 Bugs: #878911, #889596, #896370, #907387 ID: 202305-37
Synopsis
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could result in denial of service.
Affected packages
Package Vulnerable Unaffected
www-servers/tomcat < 10.1.8 >= 10.1.8
Description
Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.1.8"
References
[ 1 ] CVE-2022-42252 https://nvd.nist.gov/vuln/detail/CVE-2022-42252 [ 2 ] CVE-2022-45143 https://nvd.nist.gov/vuln/detail/CVE-2022-45143 [ 3 ] CVE-2023-24998 https://nvd.nist.gov/vuln/detail/CVE-2023-24998 [ 4 ] CVE-2023-28709 https://nvd.nist.gov/vuln/detail/CVE-2023-28709
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-37
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Web Server 5.7.4 release and security update Advisory ID: RHSA-2023:4909-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2023:4909 Issue date: 2023-09-04 CVE Names: CVE-2022-24963 CVE-2023-24998 CVE-2023-28708 CVE-2023-28709 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 5.7 for RHEL 7 Server - noarch, x86_64 Red Hat JBoss Web Server 5.7 for RHEL 8 - noarch, x86_64 Red Hat JBoss Web Server 5.7 for RHEL 9 - noarch, x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
-
apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
-
Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
-
tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
-
tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode 2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts 2180856 - CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure 2210321 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete
- Package List:
Red Hat JBoss Web Server 5.7 for RHEL 7 Server:
Source: jws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.src.rpm jws5-tomcat-native-1.2.31-15.redhat_15.el7jws.src.rpm
noarch: jws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-java-jdk11-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-java-jdk8-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
x86_64: jws5-tomcat-native-1.2.31-15.redhat_15.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el7jws.x86_64.rpm
Red Hat JBoss Web Server 5.7 for RHEL 8:
Source: jws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.src.rpm jws5-tomcat-native-1.2.31-15.redhat_15.el8jws.src.rpm
noarch: jws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
x86_64: jws5-tomcat-native-1.2.31-15.redhat_15.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el8jws.x86_64.rpm
Red Hat JBoss Web Server 5.7 for RHEL 9:
Source: jws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.src.rpm jws5-tomcat-native-1.2.31-15.redhat_15.el9jws.src.rpm
noarch: jws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
x86_64: jws5-tomcat-native-1.2.31-15.redhat_15.el9jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el9jws.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-24963 https://access.redhat.com/security/cve/CVE-2023-24998 https://access.redhat.com/security/cve/CVE-2023-28708 https://access.redhat.com/security/cve/CVE-2023-28709 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCAAGBQJk9dawAAoJENzjgjWX9erE1ycQAIwG6w749gWsv0nN3TgCLSn+ Ag1rdPKnc9K0BEer5aj3UZWq0ILQ0U2xkIV/+f03asPHSKehS0xAVAoTOB9eqDgB f7rcxV6tDwkkOgEHlCQZXle5CzMmIIuAmzQoRI855sl3fo7m1s9w/XGfM9TuwANu AAXKNZUc1EOtCzwQPbJ+RqwxXhiZvwaD1cXa/PtNmrmcFeQPjwZUTwWrs5KcDG/P CCIugcTaD8lCFRQFHtF+GXY9A1xzQ4sgGBeSa2+MRLV2e5nVGjby+1ydLIhThdvl 7bD+wtI7WOQkVI1ZrfiVuYU6gmQB1YoaYz3l8bjY+PvxoXANIDWI2y9QzLvjHRdX Q2DraXW6xMw0utFtFe5AiLevPH18VwBsdyUMOk8hpTQsRkw/Is7rIcHstucGJYSI CBVloQ8FbPXPUlTw4eYSr22c3bEyJKTACJIN+badVjzUlu7zewqF7g8BHXJGFIfT pwyfxOUfvAvn0qD8NvwE64yQ1pCIqcq/ffxliJp98cn86VrQ+H6+hwmxWOU1yoxe jyON4uVUE+IcaPPP84SUyGZW+ZgZjrdkBv4OaBsMvQweIPXLk54/dkgDtdOMF6EJ 3AX0KKqoSTFWJ7i64DWturuhAFRTdqkxeItLWM5LMo0FKsZur8efbRRnSHQhNUib PKxvfGMcijaSUTJ0s70k =7k// -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5521-1 security@debian.org https://www.debian.org/security/ Markus Koschany October 10, 2023 https://www.debian.org/security/faq
Package : tomcat10 CVE ID : CVE-2023-28709 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487 CVE-2023-45648
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
CVE-2023-28709
Denial of Service.
CVE-2023-41080
Open redirect. If the ROOT (default) web application is configured to use
FORM authentication then it is possible that a specially crafted URL could
be used to trigger a redirect to an URL of the attackers choice.
CVE-2023-42795
Information Disclosure. When recycling various internal objects, including
the request and the response, prior to re-use by the next request/response,
an error could cause Tomcat to skip some parts of the recycling process
leading to information leaking from the current request/response to the
next.
CVE-2023-44487
DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)
CVE-2023-45648
Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A
specially crafted, invalid trailer header could cause Tomcat to treat a
single request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
For the stable distribution (bookworm), these problems have been fixed in version 10.1.6-1+deb12u1.
We recommend that you upgrade your tomcat10 packages.
For the detailed security status of tomcat10 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat10
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlygNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQOAw/9FphsARNkV5P4SoR3pQJ0CUaGtipdCc57ZR+w00QjR0/lbIQpoYzxrgAN zNJCDUuCDhEjyolzJ9XtkabKDzhZr/+1wM5iQQIx9A6VFELannL5ivZjT798juUx +IMCD65kMFXqLqIwS4BhYZww/W5KapZkgEeppyhpS3pjGXJ3nRtkAMpJZAJk4CCt n3I/9GzyI/8KQVBGAUPQb+feDJmDh/qSbHYTtvEweeu1WNiFGzU6MuRIOeYi6mga gzulx3NJgCHb6SGKdttqc51pSK2mRKUlQdgzwxS+jTaE4iDWv1AHaV/pJF6cS3cP xmELILWm7TqnL90on63u6Nh8UScSM0qf3ajRd2zAXDEtaGcdM92vbNLDfJTo1/wA pEH+xTkiOUpHEhsDEOW6zLoJqy0+qW9pQd3qE4Sh1CBVFylxR4L1JeDupyozH0up LLuNKslZLxUFUWYEkwFmtOoOMjlAtMsPnsgoVr/ZOPXaixLE05HgOWWWUV5YWyKW Ae2/C+Oc38P2bFNjW++okCsZTOaVdrhA/2g9cPNE17cN/o/Ff9GdbqDJMzry9z/B FSPIZ47QSzMROhc/9z5HL7Y3eqEj8kjG2LbMQ82lP5hHoYPhXwKjML8HhwmyLvD2 scn/9i/RzazIfyO+zLStzxEHIOR7xx95drm15Av1Z52oETSmsmc= =raMf -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-1789",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "12.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "11.0.0"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.73"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.5"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.71"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.87"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.7"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.85"
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "nec advanced analytics platform modeler",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/it desktop management 2 - smart device manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "neoface monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "job management partner 1/it desktop management 2 - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "tomcat",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "nec information assessment system",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "enterpriseidentitymanager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "nec \u81ea\u52d5\u5fdc\u7b54",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "websam it process management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/performance management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "commons fileupload",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "jp1/it desktop management 2 - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "jp1/it desktop management - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/it desktop management 2 - operations director",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "esmpro/servermanager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "job management partner 1/it desktop management - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "connexive pf",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "actsecure \u30dd\u30fc\u30bf\u30eb",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "NVD",
"id": "CVE-2023-28709"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.1.7",
"versionStartIncluding": "10.1.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.73",
"versionStartIncluding": "9.0.71",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.87",
"versionStartIncluding": "8.5.85",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28709"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
}
],
"trust": 0.2
},
"cve": "CVE-2023-28709",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-28709",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-28709",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-1931",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1931"
},
{
"db": "NVD",
"id": "CVE-2023-28709"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount\u00a0could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters\u00a0in the query string, the limit for uploaded request parts could be\u00a0bypassed with the potential for a denial of service to occur. Apache Commons FileUpload 1.5 in versions earlier than 1 Do not limit the number of files that can be uploaded in a request, resulting in a denial of service ( DoS ) vulnerability ( CVE-2023-24998 , CVE-2023-28709 ) exists. Apache Tomcat The file upload function of Apache Commons FileUpload Since it employs a copy of the package and likewise has no file limit, it may be affected by this vulnerability.Malicious uploads by a third party and denial of service (DoS) You may be attacked. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202305-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Apache Tomcat: Multiple Vulnerabilities\n Date: May 30, 2023\n Bugs: #878911, #889596, #896370, #907387\n ID: 202305-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich could result in denial of service. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n------------------ ------------ ------------\nwww-servers/tomcat \u003c 10.1.8 \u003e= 10.1.8\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache Tomcat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-10.1.8\"\n\nReferences\n=========\n[ 1 ] CVE-2022-42252\n https://nvd.nist.gov/vuln/detail/CVE-2022-42252\n[ 2 ] CVE-2022-45143\n https://nvd.nist.gov/vuln/detail/CVE-2022-45143\n[ 3 ] CVE-2023-24998\n https://nvd.nist.gov/vuln/detail/CVE-2023-24998\n[ 4 ] CVE-2023-28709\n https://nvd.nist.gov/vuln/detail/CVE-2023-28709\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202305-37\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Web Server 5.7.4 release and security update\nAdvisory ID: RHSA-2023:4909-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:4909\nIssue date: 2023-09-04\nCVE Names: CVE-2022-24963 CVE-2023-24998 CVE-2023-28708\n CVE-2023-28709\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat\nEnterprise Linux versions 7, 8, and 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 8 - noarch, x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 9 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. \n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for\nRed Hat JBoss Web Server 5.7.3. This release includes bug fixes,\nenhancements and component upgrades, which are documented in the Release\nNotes, linked to in the References section. \n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts\n(CVE-2023-24998)\n\n* tomcat: not including the secure attribute causes information disclosure\n(CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode\n2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts\n2180856 - CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure\n2210321 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete\n\n6. Package List:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server:\n\nSource:\njws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.src.rpm\njws5-tomcat-native-1.2.31-15.redhat_15.el7jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-java-jdk11-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-java-jdk8-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-lib-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\njws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-15.redhat_15.el7jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el7jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 8:\n\nSource:\njws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.src.rpm\njws5-tomcat-native-1.2.31-15.redhat_15.el8jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-lib-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\njws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-15.redhat_15.el8jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el8jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 9:\n\nSource:\njws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.src.rpm\njws5-tomcat-native-1.2.31-15.redhat_15.el9jws.src.rpm\n\nnoarch:\njws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-lib-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\njws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-15.redhat_15.el9jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el9jws.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24963\nhttps://access.redhat.com/security/cve/CVE-2023-24998\nhttps://access.redhat.com/security/cve/CVE-2023-28708\nhttps://access.redhat.com/security/cve/CVE-2023-28709\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCAAGBQJk9dawAAoJENzjgjWX9erE1ycQAIwG6w749gWsv0nN3TgCLSn+\nAg1rdPKnc9K0BEer5aj3UZWq0ILQ0U2xkIV/+f03asPHSKehS0xAVAoTOB9eqDgB\nf7rcxV6tDwkkOgEHlCQZXle5CzMmIIuAmzQoRI855sl3fo7m1s9w/XGfM9TuwANu\nAAXKNZUc1EOtCzwQPbJ+RqwxXhiZvwaD1cXa/PtNmrmcFeQPjwZUTwWrs5KcDG/P\nCCIugcTaD8lCFRQFHtF+GXY9A1xzQ4sgGBeSa2+MRLV2e5nVGjby+1ydLIhThdvl\n7bD+wtI7WOQkVI1ZrfiVuYU6gmQB1YoaYz3l8bjY+PvxoXANIDWI2y9QzLvjHRdX\nQ2DraXW6xMw0utFtFe5AiLevPH18VwBsdyUMOk8hpTQsRkw/Is7rIcHstucGJYSI\nCBVloQ8FbPXPUlTw4eYSr22c3bEyJKTACJIN+badVjzUlu7zewqF7g8BHXJGFIfT\npwyfxOUfvAvn0qD8NvwE64yQ1pCIqcq/ffxliJp98cn86VrQ+H6+hwmxWOU1yoxe\njyON4uVUE+IcaPPP84SUyGZW+ZgZjrdkBv4OaBsMvQweIPXLk54/dkgDtdOMF6EJ\n3AX0KKqoSTFWJ7i64DWturuhAFRTdqkxeItLWM5LMo0FKsZur8efbRRnSHQhNUib\nPKxvfGMcijaSUTJ0s70k\n=7k//\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5521-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nOctober 10, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat10\nCVE ID : CVE-2023-28709 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487\n CVE-2023-45648\n\nSeveral security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. \n\nCVE-2023-28709\n\n Denial of Service. \n\nCVE-2023-41080\n\n Open redirect. If the ROOT (default) web application is configured to use\n FORM authentication then it is possible that a specially crafted URL could\n be used to trigger a redirect to an URL of the attackers choice. \n\nCVE-2023-42795\n\n Information Disclosure. When recycling various internal objects, including\n the request and the response, prior to re-use by the next request/response,\n an error could cause Tomcat to skip some parts of the recycling process\n leading to information leaking from the current request/response to the\n next. \n\nCVE-2023-44487\n\n DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)\n\nCVE-2023-45648\n\n Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A\n specially crafted, invalid trailer header could cause Tomcat to treat a\n single request as multiple requests leading to the possibility of request\n smuggling when behind a reverse proxy. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 10.1.6-1+deb12u1. \n\nWe recommend that you upgrade your tomcat10 packages. \n\nFor the detailed security status of tomcat10 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat10\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlygNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeQOAw/9FphsARNkV5P4SoR3pQJ0CUaGtipdCc57ZR+w00QjR0/lbIQpoYzxrgAN\nzNJCDUuCDhEjyolzJ9XtkabKDzhZr/+1wM5iQQIx9A6VFELannL5ivZjT798juUx\n+IMCD65kMFXqLqIwS4BhYZww/W5KapZkgEeppyhpS3pjGXJ3nRtkAMpJZAJk4CCt\nn3I/9GzyI/8KQVBGAUPQb+feDJmDh/qSbHYTtvEweeu1WNiFGzU6MuRIOeYi6mga\ngzulx3NJgCHb6SGKdttqc51pSK2mRKUlQdgzwxS+jTaE4iDWv1AHaV/pJF6cS3cP\nxmELILWm7TqnL90on63u6Nh8UScSM0qf3ajRd2zAXDEtaGcdM92vbNLDfJTo1/wA\npEH+xTkiOUpHEhsDEOW6zLoJqy0+qW9pQd3qE4Sh1CBVFylxR4L1JeDupyozH0up\nLLuNKslZLxUFUWYEkwFmtOoOMjlAtMsPnsgoVr/ZOPXaixLE05HgOWWWUV5YWyKW\nAe2/C+Oc38P2bFNjW++okCsZTOaVdrhA/2g9cPNE17cN/o/Ff9GdbqDJMzry9z/B\nFSPIZ47QSzMROhc/9z5HL7Y3eqEj8kjG2LbMQ82lP5hHoYPhXwKjML8HhwmyLvD2\nscn/9i/RzazIfyO+zLStzxEHIOR7xx95drm15Av1Z52oETSmsmc=\n=raMf\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28709"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "VULMON",
"id": "CVE-2023-28709"
},
{
"db": "PACKETSTORM",
"id": "172624"
},
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
},
{
"db": "PACKETSTORM",
"id": "175038"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-28709",
"trust": 3.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/05/22/1",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-15",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91253151",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.2979",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3113",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3425",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3098",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1931",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-28709",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172624",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174475",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174474",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175038",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28709"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "PACKETSTORM",
"id": "172624"
},
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
},
{
"db": "PACKETSTORM",
"id": "175038"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1931"
},
{
"db": "NVD",
"id": "CVE-2023-28709"
}
]
},
"id": "VAR-202305-1789",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22708334
},
"last_update_date": "2024-06-02T22:35:58.867000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2024-119",
"trust": 0.8,
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#fixed_in_apache_commons_fileupload_1.5"
},
{
"title": "Apache Tomcat Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=239303"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1931"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-193",
"trust": 1.0
},
{
"problemtype": "Determination of boundary conditions (CWE-193) [ others ]",
"trust": 0.8
},
{
"problemtype": " Allocation of resources without limits or throttling (CWE-770) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "NVD",
"id": "CVE-2023-28709"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20230616-0004/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28709"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-24998"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91253151/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-28709/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3098"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2979"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3425"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3596"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3113"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24963"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-28708"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24963"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-28709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28708"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-24998"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/193.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-45143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42252"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=webserver\u0026version=5.7"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4909"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/tomcat10"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-41080"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-42795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-45648"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28709"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "PACKETSTORM",
"id": "172624"
},
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
},
{
"db": "PACKETSTORM",
"id": "175038"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1931"
},
{
"db": "NVD",
"id": "CVE-2023-28709"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-28709"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"db": "PACKETSTORM",
"id": "172624"
},
{
"db": "PACKETSTORM",
"id": "174475"
},
{
"db": "PACKETSTORM",
"id": "174474"
},
{
"db": "PACKETSTORM",
"id": "175038"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1931"
},
{
"db": "NVD",
"id": "CVE-2023-28709"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28709"
},
{
"date": "2023-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"date": "2023-05-30T16:32:27",
"db": "PACKETSTORM",
"id": "172624"
},
{
"date": "2023-09-04T17:29:56",
"db": "PACKETSTORM",
"id": "174475"
},
{
"date": "2023-09-04T17:29:45",
"db": "PACKETSTORM",
"id": "174474"
},
{
"date": "2023-10-11T15:52:01",
"db": "PACKETSTORM",
"id": "175038"
},
{
"date": "2023-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-1931"
},
{
"date": "2023-05-22T11:15:09.423000",
"db": "NVD",
"id": "CVE-2023-28709"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28709"
},
{
"date": "2024-05-29T07:11:00",
"db": "JVNDB",
"id": "JVNDB-2023-001220"
},
{
"date": "2023-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-1931"
},
{
"date": "2024-02-16T18:20:07.610000",
"db": "NVD",
"id": "CVE-2023-28709"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-1931"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0Tomcat\u00a0 of \u00a0Apache\u00a0Commons\u00a0FileUpload\u00a0 denial of service ( DoS ) vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-1931"
}
],
"trust": 0.6
}
}
var-201704-1034
Vulnerability from variot
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. The following versions are affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11. Apache Tomcat 8.5.0 to 8.5.6. Apache Tomcat 8.0.0.RC1 to 8.0.38. Apache Tomcat 7.0.0 to 7.0.72. Apache Tomcat 6.0.0 to 6.0.47. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update Advisory ID: RHSA-2017:0455-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2017:0455 Issue date: 2015-11-12 Updated on: 2017-03-07 CVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, ppc64, x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
-
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
-
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
-
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
-
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
-
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
-
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
-
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
-
It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
-
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service 1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation 1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation 1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources 1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters 1390520 - CVE-2016-6794 tomcat: system property disclosure 1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function 1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation 1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests 1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener 1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
- JIRA issues fixed (https://issues.jboss.org/):
JWS-267 - RHEL 6 Errata JIRA
- Package List:
Red Hat JBoss Web Server 3.1 for RHEL 6:
Source: hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.src.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.src.rpm jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.src.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.src.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.src.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.src.rpm tomcat7-7.0.70-16.ep7.el6.src.rpm tomcat8-8.0.36-17.ep7.el6.src.rpm
i386: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.i686.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.i686.rpm tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.i686.rpm
noarch: hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el6.noarch.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.noarch.rpm tomcat7-7.0.70-16.ep7.el6.noarch.rpm tomcat7-admin-webapps-7.0.70-16.ep7.el6.noarch.rpm tomcat7-docs-webapp-7.0.70-16.ep7.el6.noarch.rpm tomcat7-el-2.2-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-javadoc-7.0.70-16.ep7.el6.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-jsvc-7.0.70-16.ep7.el6.noarch.rpm tomcat7-lib-7.0.70-16.ep7.el6.noarch.rpm tomcat7-log4j-7.0.70-16.ep7.el6.noarch.rpm tomcat7-selinux-7.0.70-16.ep7.el6.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-webapps-7.0.70-16.ep7.el6.noarch.rpm tomcat8-8.0.36-17.ep7.el6.noarch.rpm tomcat8-admin-webapps-8.0.36-17.ep7.el6.noarch.rpm tomcat8-docs-webapp-8.0.36-17.ep7.el6.noarch.rpm tomcat8-el-2.2-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-javadoc-8.0.36-17.ep7.el6.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-jsvc-8.0.36-17.ep7.el6.noarch.rpm tomcat8-lib-8.0.36-17.ep7.el6.noarch.rpm tomcat8-log4j-8.0.36-17.ep7.el6.noarch.rpm tomcat8-selinux-8.0.36-17.ep7.el6.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-webapps-8.0.36-17.ep7.el6.noarch.rpm
ppc64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm
x86_64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0762 https://access.redhat.com/security/cve/CVE-2016-1240 https://access.redhat.com/security/cve/CVE-2016-3092 https://access.redhat.com/security/cve/CVE-2016-5018 https://access.redhat.com/security/cve/CVE-2016-6325 https://access.redhat.com/security/cve/CVE-2016-6794 https://access.redhat.com/security/cve/CVE-2016-6796 https://access.redhat.com/security/cve/CVE-2016-6797 https://access.redhat.com/security/cve/CVE-2016-6816 https://access.redhat.com/security/cve/CVE-2016-8735 https://access.redhat.com/security/cve/CVE-2016-8745 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYvww0XlSAg2UNWIIRAnJlAJ9c1cyDXP1/dI30fGjC0wJVDGbw3QCfbnXw /PBR7pUGLbNA0xtWDwAi0Xk= =Y+gP -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3738-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq
Package : tomcat7 CVE ID : CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775 Debian Bug : 802312 845385 845393
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.
For the stable distribution (jessie), these problems have been fixed in version 7.0.56-3+deb8u6.
For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 7.0.72-3.
We recommend that you upgrade your tomcat7 packages.
The References section of this erratum contains a download link (you must log in to download the update). =========================================================================== Ubuntu Security Notice USN-3177-2 February 02, 2017
tomcat6, tomcat7 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3177-1 introduced a regression in Tomcat.
Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine
Details:
USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem.
We apologize for the inconvenience. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018) It was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388) It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6816) Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. (CVE-2016-8745) Paul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.9 tomcat7 7.0.52-1ubuntu0.9
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.10 tomcat6 6.0.35-1ubuntu3.10
In general, a standard system update will make all the necessary changes. (JIRA#JWS-268)
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.6.0"
},
{
"model": "oncommand shift",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.3"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.0"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.73"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.8.2223"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.2.4181"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.7.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.7"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "retail convenience and fuel pos software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.1.132"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.4.3247"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.7.1"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.48"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.8.0"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.8.0"
},
{
"model": "micros relate crm software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.5.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "micros relate crm software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.4"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.39"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 from 6.0.47"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 from 7.0.72"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 from 8.0.38"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 from 8.5.6"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 from 9.0.0.m11"
},
{
"model": "mailshooter",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6"
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7"
},
{
"model": "spoolserver series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "reportfiling ver5.2 to 6.2"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 5"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version"
},
{
"model": "embedded cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "jp1/cm2/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for atm"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"model": "programming environment for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.3"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.72"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.70"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.69"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.67"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.65"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.59"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.57"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.54"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.53"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.44"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.43"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0"
},
{
"model": "tomcat 9.0.0.m9",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m4",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m11",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.32"
},
{
"model": "tomcat 8.0.0.rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.68"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.55"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.49"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.48"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.46"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.45"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.44"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.43"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.45"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.19"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.8"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.39"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.73"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.48"
},
{
"model": "tomcat 9.0.0.m13",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94463"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
],
"trust": 0.8
},
"cve": "CVE-2016-8735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8735",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8735",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-609",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2016-8735",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn\u0027t updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a remote code-execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. \nThe following versions are affected:\nApache Tomcat 9.0.0.M1 to 9.0.0.M11. \nApache Tomcat 8.5.0 to 8.5.6. \nApache Tomcat 8.0.0.RC1 to 8.0.38. \nApache Tomcat 7.0.0 to 7.0.72. \nApache Tomcat 6.0.0 to 6.0.47. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update\nAdvisory ID: RHSA-2017:0455-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:0455\nIssue date: 2015-11-12\nUpdated on: 2017-03-07\nCVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 \n CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 \n CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 \n CVE-2016-8735 CVE-2016-8745 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 3 for RHEL 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. \n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for\nRed Hat JBoss Web Server 3.0.3, and includes enhancements. \n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges. \n(CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included\nin EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat\ninstance built from source, using the EWS 2.x, or JWS 3.x distributions, an\nattacker could use this flaw to launch a remote code execution attack on\nyour deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own. \n(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body. \n(CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible to\ndetermine valid user names. Note that the default configuration includes\nthe LockOutRealm which makes exploitation of this vulnerability harder. \n(CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was accessible\nto web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s\nsystem property replacement feature for configuration files could be used\nby a malicious web application to bypass the SecurityManager and read\nsystem properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration parameters\nfor the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access\nany global JNDI resource whether an explicit ResourceLink had been\nconfigured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security. \n\nEnhancement(s):\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to\nRed Hat Enterprise Linux 6. These packages provide a number of enhancements\nover the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated\npackages, which add this enhancement. \n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation\n1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation\n1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources\n1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters\n1390520 - CVE-2016-6794 tomcat: system property disclosure\n1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function\n1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation\n1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener\n1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-267 - RHEL 6 Errata JIRA\n\n7. Package List:\n\nRed Hat JBoss Web Server 3.1 for RHEL 6:\n\nSource:\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.src.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.src.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.src.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.src.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.src.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.src.rpm\ntomcat7-7.0.70-16.ep7.el6.src.rpm\ntomcat8-8.0.36-17.ep7.el6.src.rpm\n\ni386:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.i686.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.i686.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.i686.rpm\ntomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.i686.rpm\n\nnoarch:\nhibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el6.noarch.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\nmod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\nmod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.noarch.rpm\ntomcat7-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-admin-webapps-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-docs-webapp-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-el-2.2-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-javadoc-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-jsp-2.2-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-jsvc-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-lib-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-log4j-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-selinux-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-servlet-3.0-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-webapps-7.0.70-16.ep7.el6.noarch.rpm\ntomcat8-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-admin-webapps-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-docs-webapp-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-el-2.2-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-javadoc-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-jsp-2.3-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-jsvc-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-lib-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-log4j-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-selinux-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-servlet-3.1-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-webapps-8.0.36-17.ep7.el6.noarch.rpm\n\nppc64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm\n\nx86_64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm\ntomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0762\nhttps://access.redhat.com/security/cve/CVE-2016-1240\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nhttps://access.redhat.com/security/cve/CVE-2016-5018\nhttps://access.redhat.com/security/cve/CVE-2016-6325\nhttps://access.redhat.com/security/cve/CVE-2016-6794\nhttps://access.redhat.com/security/cve/CVE-2016-6796\nhttps://access.redhat.com/security/cve/CVE-2016-6797\nhttps://access.redhat.com/security/cve/CVE-2016-6816\nhttps://access.redhat.com/security/cve/CVE-2016-8735\nhttps://access.redhat.com/security/cve/CVE-2016-8745\nhttps://access.redhat.com/security/updates/classification/#important\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYvww0XlSAg2UNWIIRAnJlAJ9c1cyDXP1/dI30fGjC0wJVDGbw3QCfbnXw\n/PBR7pUGLbNA0xtWDwAi0Xk=\n=Y+gP\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3738-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nDecember 18, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat7\nCVE ID : CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775\nDebian Bug : 802312 845385 845393\n\nMultiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u6. \n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3. \n\nWe recommend that you upgrade your tomcat7 packages. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n===========================================================================\nUbuntu Security Notice USN-3177-2\nFebruary 02, 2017\n\ntomcat6, tomcat7 regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3177-1 introduced a regression in Tomcat. \n\nSoftware Description:\n- tomcat7: Servlet and JSP engine\n- tomcat6: Servlet and JSP engine\n\nDetails:\n\nUSN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a\nregression in environments where Tomcat is started with a security manager. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. A remote attacker could possibly\n use this issue to enumerate usernames. This issue only applied to Ubuntu\n 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could\n possibly use this to bypass Security Manager restrictions. This issue only\n applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n (CVE-2016-5018)\n It was discovered that Tomcat did not protect applications from untrusted\n data in the HTTP_PROXY environment variable. A remote attacker could\n possibly use this issue to redirect outbound traffic to an arbitrary proxy\n server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\n Ubuntu 16.04 LTS. (CVE-2016-5388)\n It was discovered that Tomcat incorrectly controlled reading system\n properties. A malicious application could possibly use this to bypass\n Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\n Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass\n Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\n Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only applied to\n Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6816)\n Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\n implement a recommended fix. (CVE-2016-8745)\n Paul Szabo discovered that the Tomcat package incorrectly handled upgrades\n and removals. A local attacker could possibly use this issue to obtain\n root privileges. (CVE-2016-9774, CVE-2016-9775)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libtomcat7-java 7.0.52-1ubuntu0.9\n tomcat7 7.0.52-1ubuntu0.9\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.10\n tomcat6 6.0.35-1ubuntu3.10\n\nIn general, a standard system update will make all the necessary changes. \n(JIRA#JWS-268)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8735"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8735",
"trust": 3.4
},
{
"db": "BID",
"id": "94463",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037331",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU92250735",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159413",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3415",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-8735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141509",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140199",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140905",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141510",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"id": "VAR-201704-1034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2024-07-23T20:25:07.884000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache Tomcat 8.0.39",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.0.39"
},
{
"title": "Fixed in Apache Tomcat 7.0.73",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.73"
},
{
"title": "Fixed in Apache Tomcat 6.0.48",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-6.html#fixed_in_apache_tomcat_6.0.48"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M13",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-9.html#fixed_in_apache_tomcat_9.0.0.m13"
},
{
"title": "Fixed in Apache Tomcat 8.5.8",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.5.8"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "NV17-002",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-002.html"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "Apache Tomcat Fixes for remote code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66050"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170457 - security advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2016-777",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-777"
},
{
"title": "Amazon Linux AMI: ALAS-2016-778",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-778"
},
{
"title": "Red Hat: CVE-2016-8735",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-8735"
},
{
"title": "Amazon Linux AMI: ALAS-2016-776",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-776"
},
{
"title": "Debian Security Advisories: DSA-3738-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8828b9876ebd1ef3e89b0ed4e9499abe"
},
{
"title": "Debian Security Advisories: DSA-3739-1 tomcat8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=98ef9e44fdad2be0b98f03550515e81a"
},
{
"title": "Arch Linux Advisories: [ASA-201611-22] tomcat6: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201611-22"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3177-2"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9774: privilege escalation via upgrade",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8cd48a33e8df530a4a18a79eb337a877"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9775: privilege escalation via removal",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e3359df45e6e8201a268a6c465717fa5"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7, tomcat8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3177-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/qchilan/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/qashqao/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/joaomatosf/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/milkdevil/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/syadg123/exboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/bibortone/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/gyanaa/https-github.com-joaomatosf-jexboss "
},
{
"title": "PentestNote\n\u524d\u671f\u4fe1\u606f\u6536\u96c6\n\u6f0f\u6d1e\u653b\u51fb\n\u9c7c\u53c9\u653b\u51fb\n\u6743\u9650\u7ef4\u6301\n\u75d5\u8ff9\u6e05\u7406\n\u6a2a\u5411\u79fb\u52a8\n\u57df\u4fe1\u606f\u6536\u96c6\n\u5185\u7f51\u6e17\u900f\u5408\u96c6\npayload\u751f\u6210\npayload\u4e0b\u8f7d\u0026\u767d\u540d\u5355bypass\n\u514d\u6740\n\u53cd\u5f39shell\nlinux\u547d\u4ee4\u7b14\u8bb0\ndocker\u547d\u4ee4\u7b14\u8bb0\nubuntu\u8e29\u5751\u8bb0\u5f55\ngit \u7b14\u8bb0\n\u7f16\u7a0b\u8bed\u8a00\u5b66\u4e60\u7b14\u8bb0\n\u8bfb\u4e66\u7b14\u8bb0\n\u6f0f\u6d1e\u7b14\u8bb0",
"trust": 0.1,
"url": "https://github.com/safe6sec/pentestnote "
},
{
"title": "cyber-security-interview",
"trust": 0.1,
"url": "https://github.com/7hang/cyber-security-interview "
},
{
"title": "==========================================\nJok3r - Network and Web Pentest Framework\n=============\nMain features\n============\nInstallation\n====================\nQuick usage examples\n======================\nTypical usage example\n==================\nFull Documentation\n============================================================\nSupported Services \u0026 Security Checks (Updated on 24/10/2018)",
"trust": 0.1,
"url": "https://github.com/oneplus-x/jok3r "
},
{
"title": "https://github.com/yottaiq/jok3r",
"trust": 0.1,
"url": "https://github.com/yottaiq/jok3r "
},
{
"title": "https://github.com/trganda/dockerv",
"trust": 0.1,
"url": "https://github.com/trganda/dockerv "
},
{
"title": "https://github.com/girlkb/myVulnerabilityRecurrence",
"trust": 0.1,
"url": "https://github.com/girlkb/myvulnerabilityrecurrence "
},
{
"title": "https://github.com/woods-sega/woodswiki",
"trust": 0.1,
"url": "https://github.com/woods-sega/woodswiki "
},
{
"title": "Jok3r v3 beta",
"trust": 0.1,
"url": "https://github.com/virgilcj/jok3r "
},
{
"title": "https://github.com/Transmetal/jok3r",
"trust": 0.1,
"url": "https://github.com/transmetal/jok3r "
},
{
"title": "Jok3r v3 beta",
"trust": 0.1,
"url": "https://github.com/84kaliplexon3/jok3r "
},
{
"title": "Jok3r v3 beta",
"trust": 0.1,
"url": "https://github.com/koutto/jok3r "
},
{
"title": "https://github.com/password520/RedTeamer",
"trust": 0.1,
"url": "https://github.com/password520/redteamer "
},
{
"title": "https://github.com/klionsec/RedTeamer",
"trust": 0.1,
"url": "https://github.com/klionsec/redteamer "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
},
{
"title": "Java-Deserialization-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/klausware/java-deserialization-cheat-sheet "
},
{
"title": "https://github.com/superfish9/pt",
"trust": 0.1,
"url": "https://github.com/superfish9/pt "
},
{
"title": "https://github.com/20142995/pocsuite3",
"trust": 0.1,
"url": "https://github.com/20142995/pocsuite3 "
},
{
"title": "Java-Deserialization-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/mishmashclone/grrrdog-java-deserialization-cheat-sheet "
},
{
"title": "Java-Deserialization-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/grrrdog/java-deserialization-cheat-sheet "
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/palindromelabs/java-deserialization-cves "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/sexybeast233/secbooks "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94463"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2016/dsa-3738"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-9.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:0456"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:0455"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0457.html"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767684"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767676"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767656"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767644"
},
{
"trust": 1.7,
"url": "http://seclists.org/oss-sec/2016/q4/502"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037331"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4557-1/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6816"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6817"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92250735/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6817"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3415/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159413/ubuntu-security-notice-usn-4557-1.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6796"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6794"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6797"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0762"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5018"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8745"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2017-3431551.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6325"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6325"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-8735"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-1240"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-8745"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-5018"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6797"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6796"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6816"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3092"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-3092"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1240"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-0762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6794"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=49851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/joaomatosf/jexboss"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3177-2/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9775"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9774"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.45+dfsg-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4557-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/2435491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.1_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=3.1.0"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3177-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.9"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3177-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1659589"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-06T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94463"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2017-03-08T00:54:47",
"db": "PACKETSTORM",
"id": "141509"
},
{
"date": "2016-12-18T13:55:00",
"db": "PACKETSTORM",
"id": "140199"
},
{
"date": "2020-09-30T15:53:50",
"db": "PACKETSTORM",
"id": "159413"
},
{
"date": "2017-03-08T00:57:19",
"db": "PACKETSTORM",
"id": "141513"
},
{
"date": "2017-02-03T15:51:19",
"db": "PACKETSTORM",
"id": "140905"
},
{
"date": "2017-03-08T00:55:08",
"db": "PACKETSTORM",
"id": "141510"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"date": "2017-04-06T21:59:00.243000",
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"date": "2017-05-23T16:26:00",
"db": "BID",
"id": "94463"
},
{
"date": "2019-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"date": "2024-06-27T19:23:35.460000",
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat Updates for multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
],
"trust": 0.6
}
}
var-202004-1071
Vulnerability from variot
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It exists that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202006-22
https://security.gentoo.org/
Severity: Normal Title: OpenJDK, IcedTea: Multiple vulnerabilities Date: June 15, 2020 Bugs: #718720, #720690 ID: 202006-22
Synopsis
Multiple vulnerabilities have been found in OpenJDK and IcedTea, the worst of which could result in the arbitrary execution of code.
Background
OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition.
IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/openjdk-bin < 8.252_p09 >= 8.252_p09 2 dev-java/openjdk-jre-bin < 8.252_p09 >= 8.252_p09 3 dev-java/icedtea-bin < 3.16.0 >= 3.16.0 ------------------------------------------------------------------- 3 affected packages
Description
Multiple vulnerabilities have been discovered in OpenJDK and IcedTea. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All OpenJDK binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.252_p09"
All OpenJDK JRE binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/openjdk-jre-bin-8.252_p09"
All IcedTea binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.16.0"
References
[ 1 ] CVE-2020-2585 https://nvd.nist.gov/vuln/detail/CVE-2020-2585 [ 2 ] CVE-2020-2585 https://nvd.nist.gov/vuln/detail/CVE-2020-2585 [ 3 ] CVE-2020-2755 https://nvd.nist.gov/vuln/detail/CVE-2020-2755 [ 4 ] CVE-2020-2755 https://nvd.nist.gov/vuln/detail/CVE-2020-2755 [ 5 ] CVE-2020-2756 https://nvd.nist.gov/vuln/detail/CVE-2020-2756 [ 6 ] CVE-2020-2756 https://nvd.nist.gov/vuln/detail/CVE-2020-2756 [ 7 ] CVE-2020-2757 https://nvd.nist.gov/vuln/detail/CVE-2020-2757 [ 8 ] CVE-2020-2757 https://nvd.nist.gov/vuln/detail/CVE-2020-2757 [ 9 ] CVE-2020-2773 https://nvd.nist.gov/vuln/detail/CVE-2020-2773 [ 10 ] CVE-2020-2773 https://nvd.nist.gov/vuln/detail/CVE-2020-2773 [ 11 ] CVE-2020-2781 https://nvd.nist.gov/vuln/detail/CVE-2020-2781 [ 12 ] CVE-2020-2781 https://nvd.nist.gov/vuln/detail/CVE-2020-2781 [ 13 ] CVE-2020-2800 https://nvd.nist.gov/vuln/detail/CVE-2020-2800 [ 14 ] CVE-2020-2800 https://nvd.nist.gov/vuln/detail/CVE-2020-2800 [ 15 ] CVE-2020-2803 https://nvd.nist.gov/vuln/detail/CVE-2020-2803 [ 16 ] CVE-2020-2803 https://nvd.nist.gov/vuln/detail/CVE-2020-2803 [ 17 ] CVE-2020-2805 https://nvd.nist.gov/vuln/detail/CVE-2020-2805 [ 18 ] CVE-2020-2805 https://nvd.nist.gov/vuln/detail/CVE-2020-2805 [ 19 ] CVE-2020-2830 https://nvd.nist.gov/vuln/detail/CVE-2020-2830 [ 20 ] CVE-2020-2830 https://nvd.nist.gov/vuln/detail/CVE-2020-2830
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202006-22
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . 8.0) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
- operator-framework/presto: /etc/passwd was given incorrect privileges (CVE-2019-19352)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.4 see the following documentation, which will be updated shortly for release 4.4.3, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1793281 - CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges
-
8) - aarch64, ppc64le, s390x, x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: java-1.7.1-ibm security update Advisory ID: RHSA-2020:2236-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2020:2236 Issue date: 2020-05-20 CVE Names: CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 ==================================================================== 1. Summary:
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Security Fix(es):
-
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)
-
OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)
-
OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)
-
OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)
-
OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)
-
OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)
-
OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)
-
OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of IBM Java must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1791217 - CVE-2020-2654 OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) 1823215 - CVE-2020-2756 OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) 1823216 - CVE-2020-2757 OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) 1823527 - CVE-2020-2800 OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) 1823542 - CVE-2020-2830 OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) 1823694 - CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) 1823844 - CVE-2020-2805 OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) 1823960 - CVE-2020-2781 OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
x86_64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
ppc64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm
s390x: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm
x86_64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm
x86_64: java-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm java-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-2654 https://access.redhat.com/security/cve/CVE-2020-2756 https://access.redhat.com/security/cve/CVE-2020-2757 https://access.redhat.com/security/cve/CVE-2020-2781 https://access.redhat.com/security/cve/CVE-2020-2800 https://access.redhat.com/security/cve/CVE-2020-2803 https://access.redhat.com/security/cve/CVE-2020-2805 https://access.redhat.com/security/cve/CVE-2020-2830 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXsU9v9zjgjWX9erEAQg8Zw/+Lg7FSdhMbVk/Qy2+8RgdcPuiPfqGcUQg nT6B1XuNPo8ZHONWC+2GEsV+8SJNp8vHeZmZWn5robPd/TsB25LGCk6Kx4TQPPd8 MsGvVphXZkuIi+44R6Xj8m8CzAQLgPGrBS6fonl0fe8W/9/7ULEG327qT0Piphpy s9tlQWx3PAbtw7CnFBpOlTibadg0iyqif3egEhkUFkMYxTGBNn43GvKQAX3nfgNx FSiy8ZeAXB3u289gMmgXjJdcIxPF5KQlEsaCEU/5LB1I5YcJkleKY0YXUOaYaZ5z /AkKPho/WWogwWZBtBlAb3hWOft+grko+0QsDhSGLhr5c1YPq1PTYgmCzY54imnQ O+KBpgX61aIY9Yil+iy0uGVhC8tpIwFx4k02SlzgocNwOZu+bwGkbm34n0NIxZBL WapU4IbIiforzd8IFoMVst8gPe6hF+fI4OW20aUVfImOAarpr7QuirXWuDd0xZRv bG/SNAAFdkDVzXVwfxDVu5KyELShTJOagRvf3sZ/e22Sy3h8VuhEBV3l2UvnLpDB cXkD39sy6DAahaWBveCWLfBRCCiuOn/03g9lE2oTsTQPP8YCsv23wdTEMMXXXMhW OO6kEvVZVDtY7KL0u4KQ2f41k70O2ybLl4gLxwTmvk5VCx2xtk7Qb1gOsVPZNMA6 QF084+zkRgg=n3I2 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4668-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2020 https://www.debian.org/security/faq
Package : openjdk-8 CVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.
For the oldstable distribution (stretch), these problems have been fixed in version 8u252-b09-1~deb9u1.
We recommend that you upgrade your openjdk-8 packages.
For the detailed security status of openjdk-8 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-8
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6ohOAACgkQEMKTtsN8 TjauDg//dewg6ej1yoHtsiqw0vxozLnwHv+6PhzFlI2x25u7W2oBc6bRM+ZefFzm Ph/AcWtCrtjGbPmukaFrSYXEKqmymcXS0otYH7v3FuvSDgPWou2jrZ0TuIt1ohfB 6jszJQgfLFdQf7Ubfv1L/+fFN5rMyOVepBSbk1cI9pJWntTUprbtA5V+z1vTP9cl 2NHGGlqAwxWHIjR/s2gKv2zoRAd46GEeEIq5e7P6xgbr/4R00JWmq/frp2wK40RT 8rc/pcSvHq5isbJAUYuf0af5+77NZMnrQZyrLRFzpTprY1DkR7bTtFIETZJwBk2F qQqfo1f/hiqwdB90UXHlscVA7YxyRojJkQ57/QM0dkGTKZCxL/JyBi5B+262Qa8k 2sgleNcPyGJjUZHNJt9C0D2TF8zBXjdqMewbu1h9jt8t7PCcgBq0EDnQdClDzESG aTzMsM4w3ssYX41vmq3O6j90HwdFTs0lDCd1HfKK2WXgCm8IoFKdiW0ofRQdXihb dFizoH8yxrW9Pk9AjQoj4goaRqElEyk9hs2Sqh1HQFtHoKujxiIuoM+XQop8/9xY g45bWIR/jzV9AcPOUkMtGean90/qfSXAqgusXJ0mCSSP4wbvYXi04qtMmeurQFeX 8JgNWPEehjQUzQqxLVQ4FNikIe3VG1UKwc6rPPHdwPXw4YqHJ2k= =Xj/N -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jdk",
"scope": "eq",
"trust": 1.8,
"vendor": "oracle",
"version": "11.0.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.8,
"vendor": "oracle",
"version": "11.0.6"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.0.0"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.70.2"
},
{
"model": "openjdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8"
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "storagegrid",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.4"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "storagegrid",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.1.1"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "openjdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0.2"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"model": "openjdk",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.3.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.0.1"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.2.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"model": "e-series santricity web services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "santricity unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.1.0"
},
{
"model": "cloud secure agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openjdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "3.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "threat intelligence exchange server",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.3.0"
},
{
"model": "openjdk",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.6"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "openjdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "openjdk",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11"
},
{
"model": "active iq unified manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "storagegrid webscale",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "snapmanager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "14"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7 update 251"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8 update 241"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "14"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7 update 251"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8 update 241"
},
{
"model": "java se",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "embedded 8 update 241"
},
{
"model": "application server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "for developers"
},
{
"model": "automation director",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "compute systems manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "device manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "dynamic link manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "global link manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "infrastructure analytics advisor",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "\u6d77\u5916\u8ca9\u58f2\u306e\u307f)"
},
{
"model": "ops center analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)"
},
{
"model": "ops center analyzer viewpoint",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)"
},
{
"model": "ops center api configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ops center automator",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ops center common services",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)"
},
{
"model": "replication manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "tiered storage manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus client",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004278"
},
{
"db": "NVD",
"id": "CVE-2020-2781"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:14.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:14.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:11.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:11.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.0.6",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0.2",
"versionStartIncluding": "13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.1:hotfix2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.0:hotfix3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.1.1:hotfix3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.2.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.2.0:hotfix1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:2.3.0:hotfix1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.70.2",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2781"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "158101"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-843"
}
],
"trust": 0.7
},
"cve": "CVE-2020-2781",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-2781",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.1,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004278",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-2781",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004278",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-2781",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-004278",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-843",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-2781",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2781"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-843"
},
{
"db": "NVD",
"id": "CVE-2020-2781"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It exists that OpenJDK incorrectly handled certain regular\nexpressions. An attacker could possibly use this issue to cause a denial of\nservice while processing a specially crafted regular expression. \n(CVE-2020-2754, CVE-2020-2755). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202006-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenJDK, IcedTea: Multiple vulnerabilities\n Date: June 15, 2020\n Bugs: #718720, #720690\n ID: 202006-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenJDK and IcedTea, the\nworst of which could result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenJDK is a free and open-source implementation of the Java Platform,\nStandard Edition. \n\nIcedTea\u2019s aim is to provide OpenJDK in a form suitable for easy\nconfiguration, compilation and distribution with the primary goal of\nallowing inclusion in GNU/Linux distributions. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/openjdk-bin \u003c 8.252_p09 \u003e= 8.252_p09 \n 2 dev-java/openjdk-jre-bin\n \u003c 8.252_p09 \u003e= 8.252_p09 \n 3 dev-java/icedtea-bin \u003c 3.16.0 \u003e= 3.16.0 \n -------------------------------------------------------------------\n 3 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenJDK and IcedTea. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenJDK binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/openjdk-bin-8.252_p09\"\n\nAll OpenJDK JRE binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/openjdk-jre-bin-8.252_p09\"\n\nAll IcedTea binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/icedtea-bin-3.16.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-2585\n https://nvd.nist.gov/vuln/detail/CVE-2020-2585\n[ 2 ] CVE-2020-2585\n https://nvd.nist.gov/vuln/detail/CVE-2020-2585\n[ 3 ] CVE-2020-2755\n https://nvd.nist.gov/vuln/detail/CVE-2020-2755\n[ 4 ] CVE-2020-2755\n https://nvd.nist.gov/vuln/detail/CVE-2020-2755\n[ 5 ] CVE-2020-2756\n https://nvd.nist.gov/vuln/detail/CVE-2020-2756\n[ 6 ] CVE-2020-2756\n https://nvd.nist.gov/vuln/detail/CVE-2020-2756\n[ 7 ] CVE-2020-2757\n https://nvd.nist.gov/vuln/detail/CVE-2020-2757\n[ 8 ] CVE-2020-2757\n https://nvd.nist.gov/vuln/detail/CVE-2020-2757\n[ 9 ] CVE-2020-2773\n https://nvd.nist.gov/vuln/detail/CVE-2020-2773\n[ 10 ] CVE-2020-2773\n https://nvd.nist.gov/vuln/detail/CVE-2020-2773\n[ 11 ] CVE-2020-2781\n https://nvd.nist.gov/vuln/detail/CVE-2020-2781\n[ 12 ] CVE-2020-2781\n https://nvd.nist.gov/vuln/detail/CVE-2020-2781\n[ 13 ] CVE-2020-2800\n https://nvd.nist.gov/vuln/detail/CVE-2020-2800\n[ 14 ] CVE-2020-2800\n https://nvd.nist.gov/vuln/detail/CVE-2020-2800\n[ 15 ] CVE-2020-2803\n https://nvd.nist.gov/vuln/detail/CVE-2020-2803\n[ 16 ] CVE-2020-2803\n https://nvd.nist.gov/vuln/detail/CVE-2020-2803\n[ 17 ] CVE-2020-2805\n https://nvd.nist.gov/vuln/detail/CVE-2020-2805\n[ 18 ] CVE-2020-2805\n https://nvd.nist.gov/vuln/detail/CVE-2020-2805\n[ 19 ] CVE-2020-2830\n https://nvd.nist.gov/vuln/detail/CVE-2020-2830\n[ 20 ] CVE-2020-2830\n https://nvd.nist.gov/vuln/detail/CVE-2020-2830\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202006-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* operator-framework/presto: /etc/passwd was given incorrect privileges\n(CVE-2019-19352)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for release 4.4.3, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1793281 - CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: java-1.7.1-ibm security update\nAdvisory ID: RHSA-2020:2236-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2236\nIssue date: 2020-05-20\nCVE Names: CVE-2020-2654 CVE-2020-2756 CVE-2020-2757\n CVE-2020-2781 CVE-2020-2800 CVE-2020-2803\n CVE-2020-2805 CVE-2020-2830\n====================================================================\n1. Summary:\n\nAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux\n6 Supplementary. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment\nand the IBM Java Software Development Kit. \n\nSecurity Fix(es):\n\n* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)\n(CVE-2020-2803)\n\n* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries,\n8235274) (CVE-2020-2805)\n\n* OpenJDK: Excessive memory usage in OID processing in X.509 certificate\nparsing (Libraries, 8234037) (CVE-2020-2654)\n\n* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)\n(CVE-2020-2781)\n\n* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP\nServer, 8234825) (CVE-2020-2800)\n\n* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)\n(CVE-2020-2830)\n\n* OpenJDK: Incorrect handling of references to uninitialized class\ndescriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)\n\n* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass\n(Serialization, 8224549) (CVE-2020-2757)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of IBM Java must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1791217 - CVE-2020-2654 OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)\n1823215 - CVE-2020-2756 OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541)\n1823216 - CVE-2020-2757 OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)\n1823527 - CVE-2020-2800 OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)\n1823542 - CVE-2020-2830 OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)\n1823694 - CVE-2020-2803 OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)\n1823844 - CVE-2020-2805 OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274)\n1823960 - CVE-2020-2781 OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\n\nppc64:\njava-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm\njava-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm\njava-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm\njava-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.ppc64.rpm\n\ns390x:\njava-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm\njava-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm\njava-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm\njava-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm\njava-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.s390x.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\njava-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.i686.rpm\n\nx86_64:\njava-1.7.1-ibm-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-demo-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-devel-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-jdbc-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-plugin-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\njava-1.7.1-ibm-src-1.7.1.4.65-1jpp.1.el6_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-2654\nhttps://access.redhat.com/security/cve/CVE-2020-2756\nhttps://access.redhat.com/security/cve/CVE-2020-2757\nhttps://access.redhat.com/security/cve/CVE-2020-2781\nhttps://access.redhat.com/security/cve/CVE-2020-2800\nhttps://access.redhat.com/security/cve/CVE-2020-2803\nhttps://access.redhat.com/security/cve/CVE-2020-2805\nhttps://access.redhat.com/security/cve/CVE-2020-2830\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXsU9v9zjgjWX9erEAQg8Zw/+Lg7FSdhMbVk/Qy2+8RgdcPuiPfqGcUQg\nnT6B1XuNPo8ZHONWC+2GEsV+8SJNp8vHeZmZWn5robPd/TsB25LGCk6Kx4TQPPd8\nMsGvVphXZkuIi+44R6Xj8m8CzAQLgPGrBS6fonl0fe8W/9/7ULEG327qT0Piphpy\ns9tlQWx3PAbtw7CnFBpOlTibadg0iyqif3egEhkUFkMYxTGBNn43GvKQAX3nfgNx\nFSiy8ZeAXB3u289gMmgXjJdcIxPF5KQlEsaCEU/5LB1I5YcJkleKY0YXUOaYaZ5z\n/AkKPho/WWogwWZBtBlAb3hWOft+grko+0QsDhSGLhr5c1YPq1PTYgmCzY54imnQ\nO+KBpgX61aIY9Yil+iy0uGVhC8tpIwFx4k02SlzgocNwOZu+bwGkbm34n0NIxZBL\nWapU4IbIiforzd8IFoMVst8gPe6hF+fI4OW20aUVfImOAarpr7QuirXWuDd0xZRv\nbG/SNAAFdkDVzXVwfxDVu5KyELShTJOagRvf3sZ/e22Sy3h8VuhEBV3l2UvnLpDB\ncXkD39sy6DAahaWBveCWLfBRCCiuOn/03g9lE2oTsTQPP8YCsv23wdTEMMXXXMhW\nOO6kEvVZVDtY7KL0u4KQ2f41k70O2ybLl4gLxwTmvk5VCx2xtk7Qb1gOsVPZNMA6\nQF084+zkRgg=n3I2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4668-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 28, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-8\nCVE ID : CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 \n CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 \n CVE-2020-2805\n\nSeveral vulnerabilities have been discovered in the OpenJDK Java runtime,\nresulting in denial of service, insecure TLS handshakes, bypass of\nsandbox restrictions or HTTP response splitting attacks. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 8u252-b09-1~deb9u1. \n\nWe recommend that you upgrade your openjdk-8 packages. \n\nFor the detailed security status of openjdk-8 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjdk-8\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6ohOAACgkQEMKTtsN8\nTjauDg//dewg6ej1yoHtsiqw0vxozLnwHv+6PhzFlI2x25u7W2oBc6bRM+ZefFzm\nPh/AcWtCrtjGbPmukaFrSYXEKqmymcXS0otYH7v3FuvSDgPWou2jrZ0TuIt1ohfB\n6jszJQgfLFdQf7Ubfv1L/+fFN5rMyOVepBSbk1cI9pJWntTUprbtA5V+z1vTP9cl\n2NHGGlqAwxWHIjR/s2gKv2zoRAd46GEeEIq5e7P6xgbr/4R00JWmq/frp2wK40RT\n8rc/pcSvHq5isbJAUYuf0af5+77NZMnrQZyrLRFzpTprY1DkR7bTtFIETZJwBk2F\nqQqfo1f/hiqwdB90UXHlscVA7YxyRojJkQ57/QM0dkGTKZCxL/JyBi5B+262Qa8k\n2sgleNcPyGJjUZHNJt9C0D2TF8zBXjdqMewbu1h9jt8t7PCcgBq0EDnQdClDzESG\naTzMsM4w3ssYX41vmq3O6j90HwdFTs0lDCd1HfKK2WXgCm8IoFKdiW0ofRQdXihb\ndFizoH8yxrW9Pk9AjQoj4goaRqElEyk9hs2Sqh1HQFtHoKujxiIuoM+XQop8/9xY\ng45bWIR/jzV9AcPOUkMtGean90/qfSXAqgusXJ0mCSSP4wbvYXi04qtMmeurQFeX\n8JgNWPEehjQUzQqxLVQ4FNikIe3VG1UKwc6rPPHdwPXw4YqHJ2k=\n=Xj/N\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2781"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004278"
},
{
"db": "VULMON",
"id": "CVE-2020-2781"
},
{
"db": "PACKETSTORM",
"id": "158101"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157779"
},
{
"db": "PACKETSTORM",
"id": "157331"
},
{
"db": "PACKETSTORM",
"id": "157776"
},
{
"db": "PACKETSTORM",
"id": "168802"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-2781",
"trust": 3.3
},
{
"db": "MCAFEE",
"id": "SB10318",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004278",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158101",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157351",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157331",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1730",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1797",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2622",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1414",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1582",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4416",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2646",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1628",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1468",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1439",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2738",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1401",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3108",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2113",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1984",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1746",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157782",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157550",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157363",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47993",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-843",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-2781",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157350",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157549",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157779",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157776",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168802",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2781"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004278"
},
{
"db": "PACKETSTORM",
"id": "158101"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157779"
},
{
"db": "PACKETSTORM",
"id": "157331"
},
{
"db": "PACKETSTORM",
"id": "157776"
},
{
"db": "PACKETSTORM",
"id": "168802"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-843"
},
{
"db": "NVD",
"id": "CVE-2020-2781"
}
]
},
"id": "VAR-202004-1071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27142859
},
"last_update_date": "2023-11-07T20:38:03.308000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2020-108",
"trust": 0.8,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-108/index.html"
},
{
"title": "hitachi-sec-2020-111",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-111/index.html"
},
{
"title": "NTAP-20200416-0004",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2020",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2020 Risk Matrices",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020verbose.html"
},
{
"title": "hitachi-sec-2020-111",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-111/index.html"
},
{
"title": "hitachi-sec-2020-108",
"trust": 0.8,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-108/index.html"
},
{
"title": "Oracle Corporation Java\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/oracle/20200416.html"
},
{
"title": "Oracle Java SE and Java SE Embedded Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=113967"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202238 - security advisory"
},
{
"title": "Red Hat: Important: java-1.7.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201508 - security advisory"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202236 - security advisory"
},
{
"title": "Red Hat: Important: java-1.7.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201507 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201515 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201506 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202239 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201512 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201516 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201514 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202241 - security advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202237 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201517 - security advisory"
},
{
"title": "Red Hat: Important: java-11-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201509 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.4.3 presto-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201942 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.4.3 hadoop-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201938 - security advisory"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Z Development and Test Environment \u2013 April 2020",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=34684cce4ea4ca724278f61f0e9e4d2b"
},
{
"title": "Debian Security Advisories: DSA-4668-1 openjdk-8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d7cce1580c49512354cd13b73064c4ab"
},
{
"title": "Ubuntu Security Notice: openjdk-8, openjdk-lts vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4337-1"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1365",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1365"
},
{
"title": "Amazon Linux AMI: ALAS-2023-1809",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2023-1809"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1424",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1424"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1421",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1421"
},
{
"title": "Debian Security Advisories: DSA-4662-1 openjdk-11 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=fcc7953c1496c4d2bf29bdda0aeb34d3"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ca8040b949152189bea3a3126afcd39"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1410",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1410"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-111"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-108"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in OpenJDK version 11 affect IBM InfoSphere Information Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=04093f22959e96a7bb3ed8715aa18c0e"
},
{
"title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-2781 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2781"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-843"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-2781"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2781"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4337-1/"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202006-22"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4662"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4668"
},
{
"trust": 1.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7vhc4ew36kzeidq56rpcwbzcqelffkn/"
},
{
"trust": 1.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ckav6kffaeanxan73aftgu7z6ynrwcxq/"
},
{
"trust": 1.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nyhhhzrhxcbgrhge5up7ueb4iz2qx536/"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10318"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202209-15"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2781"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-2781"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20200415-jre.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200017.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2757"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2756"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2803"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2805"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2800"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-z-development-and-test-environment-april-2020/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2830"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2755"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2773"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-2757"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2754"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-2805"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-2830"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-2800"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-2756"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-2803"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-for-websphere-mq-internet-pass-thru-april-2020-includes-oracle-april-2020-cpu-cve-2020-2781/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1401/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-java-se-vulnerability-affects-ibm-control-center-cve-2020-2781/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-4/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1582/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-sb0003748/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-java/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-rational-build-forge/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-cve-2020-2654-cve-2020-2781-cve-2020-2800/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2300/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-8/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-java-openjdk-vulnerabilities-of-april-2020-32028"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu-minus-cve-2020-2773-affects-liberty-for-java-for-ibm-cloud/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-business-developer-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47993"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-addressed-in-ibm-cloud-pak-system-april-2020-updates-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1468/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3108/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-planning-q12021/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-multiple-java-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-watson-machine-learning-service-is-impacted-by-security-vulnerabilities-in-openjdk-11/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-and-apache-tomcat-affect-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-v9000-products/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2113/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-apr-2020/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerability-affects-ibm-sterling-secure-proxy-cve-2020-2781/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2622/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2646/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-java/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-asset-analyzer-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-april-2020-cpu-plus-deferred-cve-2019-2949-and-cve-2020-2654/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus-cve-2020-2805-cve-2020-2803-cve-2020-2830-cve-2020-2781-cve-2020-2800-cve-2020-2757-cve-2020-2756-cve-2020-275-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-connectdirect-web-services/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157782/red-hat-security-advisory-2020-2241-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-private-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-4/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-ediscovery-analyzer-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm-runtime-environment-java-version-8-affect-ibm-wiotp-messagegateway-cve-2020-2805-cve-2020-2803-cve-2020-2781-cve-2020-2755-cve-2020-2754-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1439/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-affects-ibm-cloud-application-business-insights/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158101/gentoo-linux-security-advisory-202006-22.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-april-2020-critical-patch-update-for-java/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-7/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-for-unix-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4416/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operational-decision-manager-october-2019-january-2020-and-april-2020-cpus/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2738/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1746/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus-cve-2020-2805-cve-2020-2803-cve-2020-2830-cve-2020-2781-cve-2020-2800-cve-2020-2757-cve-2020-2756-cve-2020-275-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1730/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1984/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu-minus-cve-2020-2773-affects-ibm-mq/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-qradar-siem-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1414/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-for-ibm-cloud-private-vm-quickstarter/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157351/red-hat-security-advisory-2020-1515-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm-runtime-environment-java-version-8-affect-ibm-wiotp-messagegateway-cve-2020-2805-cve-2020-2803-cve-2020-2781-cve-2020-2755-cve-2020-2754/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-primary-tabs/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-affects-the-ibm-flashsystem-models-840-and-900/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157331/red-hat-security-advisory-2020-1514-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157550/red-hat-security-advisory-2020-1938-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerabilities-affect-the-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-for-microsoft-windows-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-storediq-instascan/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1628/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1797/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-5/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157363/ubuntu-security-notice-usn-4337-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-sb003732/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-2754"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-2755"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-2773"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2654"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2654"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-2781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2585"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19352"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19352"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.4/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2239"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2767"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1514"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2767"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2236"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openjdk-8"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-2781"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004278"
},
{
"db": "PACKETSTORM",
"id": "158101"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157779"
},
{
"db": "PACKETSTORM",
"id": "157331"
},
{
"db": "PACKETSTORM",
"id": "157776"
},
{
"db": "PACKETSTORM",
"id": "168802"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-843"
},
{
"db": "NVD",
"id": "CVE-2020-2781"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-2781"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004278"
},
{
"db": "PACKETSTORM",
"id": "158101"
},
{
"db": "PACKETSTORM",
"id": "157350"
},
{
"db": "PACKETSTORM",
"id": "157351"
},
{
"db": "PACKETSTORM",
"id": "157549"
},
{
"db": "PACKETSTORM",
"id": "157779"
},
{
"db": "PACKETSTORM",
"id": "157331"
},
{
"db": "PACKETSTORM",
"id": "157776"
},
{
"db": "PACKETSTORM",
"id": "168802"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-843"
},
{
"db": "NVD",
"id": "CVE-2020-2781"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-2781"
},
{
"date": "2020-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004278"
},
{
"date": "2020-06-16T00:55:56",
"db": "PACKETSTORM",
"id": "158101"
},
{
"date": "2020-04-22T15:11:05",
"db": "PACKETSTORM",
"id": "157350"
},
{
"date": "2020-04-22T15:11:12",
"db": "PACKETSTORM",
"id": "157351"
},
{
"date": "2020-05-04T17:28:54",
"db": "PACKETSTORM",
"id": "157549"
},
{
"date": "2020-05-20T16:01:16",
"db": "PACKETSTORM",
"id": "157779"
},
{
"date": "2020-04-21T20:00:19",
"db": "PACKETSTORM",
"id": "157331"
},
{
"date": "2020-05-20T15:59:45",
"db": "PACKETSTORM",
"id": "157776"
},
{
"date": "2020-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "168802"
},
{
"date": "2020-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-843"
},
{
"date": "2020-04-15T14:15:00",
"db": "NVD",
"id": "CVE-2020-2781"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-2781"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004278"
},
{
"date": "2022-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-843"
},
{
"date": "2022-09-30T14:42:00",
"db": "NVD",
"id": "CVE-2020-2781"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-843"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Java SE and Java SE Embedded In JSSE Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004278"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-843"
}
],
"trust": 0.6
}
}
cve-2018-5489
Vulnerability from cvelistv5
Published
2018-08-03 13:00
Modified
2024-09-17 01:51
Severity ?
EPSS score ?
Summary
NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20150323-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NetApp | 7-Mode Transition Tool |
Version: Versions below 2.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:49.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20150323-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "7-Mode Transition Tool",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions below 2.0"
}
]
}
],
"datePublic": "2015-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Authorization Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-03T12:57:01",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20150323-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2015-03-23T00:00:00",
"ID": "CVE-2018-5489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "7-Mode Transition Tool",
"version": {
"version_data": [
{
"version_value": "Versions below 2.0"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20150323-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20150323-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2018-5489",
"datePublished": "2018-08-03T13:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T01:51:07.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}