Vulnerabilites related to IBM - Cognos Controller
cve-2024-25037
Vulnerability from cvelistv5
Published
2025-01-07 15:51
Modified
2025-01-07 16:55
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Controller |
Version: 11.1.0 cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-25037", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T16:55:06.594831Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-07T16:55:19.458Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T15:51:46.425Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7179163", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-25037", datePublished: "2025-01-07T15:51:46.425Z", dateReserved: "2024-02-03T14:49:24.713Z", dateUpdated: "2025-01-07T16:55:19.458Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47160
Vulnerability from cvelistv5
Published
2025-02-19 16:20
Modified
2025-02-19 16:44
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183597 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Cognos Controller |
Version: 11.0.0 ≤ 11.0.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-47160", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T16:44:36.868285Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T16:44:46.227Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*", versionEndIncluding: "11.0.1:update_pack_3", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { changes: [ { at: "FP3", status: "affected", }, ], lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.</span>\n\n</span>\n\n</span>\n\n\n\n\n\n\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n\n\n\n\nis vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "CWE-611 Improper Restriction of XML External Entity Reference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-19T16:20:09.058Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183597", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller XML external entity injection", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-47160", datePublished: "2025-02-19T16:20:09.058Z", dateReserved: "2023-10-31T00:13:45.654Z", dateUpdated: "2025-02-19T16:44:46.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25019
Vulnerability from cvelistv5
Published
2024-12-03 16:29
Modified
2024-12-03 16:49
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1
could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-25019", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T16:48:58.835502Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T16:49:24.555Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 \n\n<span style=\"background-color: rgb(255, 255, 255);\">could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 \n\ncould be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T16:29:12.827Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller file upload", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-25019", datePublished: "2024-12-03T16:29:12.827Z", dateReserved: "2024-02-03T14:48:56.577Z", dateUpdated: "2024-12-03T16:49:24.555Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4136
Vulnerability from cvelistv5
Published
2019-06-17 15:10
Modified
2024-09-16 20:43
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10886913 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158332 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.2.1 Version: 10.2.0 Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:26:27.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194136-xss (158332)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158332", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.2.1", }, { status: "affected", version: "10.2.0", }, { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, ], }, ], datePublic: "2019-06-13T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/S:C/AC:L/C:L/AV:N/A:N/PR:L/UI:R/I:L/RC:C/E:H/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-17T15:10:22", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194136-xss (158332)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158332", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-13T00:00:00", ID: "CVE-2019-4136", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.2.1", }, { version_value: "10.2.0", }, { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "L", PR: "L", S: "C", UI: "R", }, TM: { E: "H", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", refsource: "CONFIRM", title: "IBM Security Bulletin 886913 (Cognos Controller)", url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194136-xss (158332)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158332", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4136", datePublished: "2019-06-17T15:10:22.797749Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T20:43:19.338Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41777
Vulnerability from cvelistv5
Published
2024-12-03 17:10
Modified
2024-12-03 17:49
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1
contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-41777", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T17:49:44.366404Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T17:49:50.964Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 \n\n\n\n\n\n\n\n\n\ncontains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-798", description: "CWE-798 Use of Hard-coded Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T17:10:06.403Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller hard coded credentials", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-41777", datePublished: "2024-12-03T17:10:06.403Z", dateReserved: "2024-07-22T12:02:59.129Z", dateUpdated: "2024-12-03T17:49:50.964Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25035
Vulnerability from cvelistv5
Published
2024-12-03 16:43
Modified
2024-12-03 19:10
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1
exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-25035", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T19:09:55.801916Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T19:10:03.459Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.</span>\n\n</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 \n\n\n\nexposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-497", description: "CWE-497 Exposure of System Data to an Unauthorized Control Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T16:43:29.811Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-25035", datePublished: "2024-12-03T16:43:29.811Z", dateReserved: "2024-02-03T14:49:24.713Z", dateUpdated: "2024-12-03T19:10:03.459Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20451
Vulnerability from cvelistv5
Published
2024-05-03 18:16
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/196643 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.1", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.2", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "11.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2021-20451", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T20:41:06.165901Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:12:41.075Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T17:37:24.306Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196643", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T18:16:24.867Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196643", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller SQL injection", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-20451", datePublished: "2024-05-03T18:16:24.867Z", dateReserved: "2020-12-17T19:17:34.736Z", dateUpdated: "2024-08-03T17:37:24.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40695
Vulnerability from cvelistv5
Published
2024-05-03 18:18
Modified
2024-08-02 18:38
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/264938 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-40695", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T16:45:07.541528Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T16:45:18.635Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T18:38:51.283Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/264938", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-613", description: "CWE-613 Insufficient Session Expiration", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T18:18:46.183Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/264938", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller session fixation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-40695", datePublished: "2024-05-03T18:18:46.183Z", dateReserved: "2023-08-18T15:48:17.571Z", dateUpdated: "2024-08-02T18:38:51.283Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4175
Vulnerability from cvelistv5
Published
2019-09-17 19:05
Modified
2024-09-17 01:17
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158880 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 Version: 10.4.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", }, { name: "ibm-cognos-cve20194175-info-disc (158880)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158880", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, { status: "affected", version: "10.4.1", }, ], }, ], datePublic: "2019-09-09T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/UI:N/C:H/I:N/PR:N/AC:H/S:U/AV:N/E:U/RC:C/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-17T19:05:23", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", }, { name: "ibm-cognos-cve20194175-info-disc (158880)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158880", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-09-09T00:00:00", ID: "CVE-2019-4175", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, { version_value: "10.4.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "H", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", refsource: "CONFIRM", title: "IBM Security Bulletin 1072744 (Cognos Controller)", url: "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", }, { name: "ibm-cognos-cve20194175-info-disc (158880)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158880", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4175", datePublished: "2019-09-17T19:05:23.774064Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T01:17:04.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45676
Vulnerability from cvelistv5
Published
2024-12-03 17:08
Modified
2024-12-03 17:55
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1
could allow an authenticated user to upload insecure files, due to insufficient file type distinction.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45676", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T17:49:24.107791Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T17:55:03.449Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">could allow an authenticated user to upload insecure files, due to insufficient file type distinction.</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 \n\n\n\n\n\n\n\ncould allow an authenticated user to upload insecure files, due to insufficient file type distinction.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-351", description: "CWE-351 Insufficient Type Distinction", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T17:08:51.441Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller file upload", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-45676", datePublished: "2024-12-03T17:08:51.441Z", dateReserved: "2024-09-03T13:50:43.964Z", dateUpdated: "2024-12-03T17:55:03.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29892
Vulnerability from cvelistv5
Published
2024-12-03 16:27
Modified
2024-12-03 16:50
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-29892", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T16:49:42.915793Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T16:50:18.488Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "CWE-319 Cleartext Transmission of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T16:27:40.657Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-29892", datePublished: "2024-12-03T16:27:40.657Z", dateReserved: "2021-03-31T20:12:10.454Z", dateUpdated: "2024-12-03T16:50:18.488Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23474
Vulnerability from cvelistv5
Published
2024-05-03 17:15
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/245403 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.1", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.2", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "11.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-23474", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T15:23:47.016977Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:22:31.104Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:35:32.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/245403", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T17:15:55.611Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/245403", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-23474", datePublished: "2024-05-03T17:15:55.611Z", dateReserved: "2023-01-12T16:24:46.603Z", dateUpdated: "2024-08-02T10:35:32.181Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45084
Vulnerability from cvelistv5
Published
2025-02-19 15:24
Modified
2025-02-19 16:24
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183597 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Cognos Controller |
Version: 11.0.0 ≤ 11.0.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45084", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T16:24:29.148111Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T16:24:33.325Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*", versionEndIncluding: "11.0.1:update_pack_3", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { changes: [ { at: "FP3", status: "affected", }, ], lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n<span style=\"background-color: rgb(255, 255, 255);\">could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\ncould allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-19T15:24:03.216Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183597", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller CSV injection", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-45084", datePublished: "2025-02-19T15:24:03.216Z", dateReserved: "2024-08-21T19:11:05.063Z", dateUpdated: "2025-02-19T16:24:33.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4411
Vulnerability from cvelistv5
Published
2019-11-09 01:41
Modified
2024-09-17 01:41
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1086123 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/162658 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 Version: 10.4.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1086123", }, { name: "ibm-cognos-cve20194411-info-disc (162658)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162658", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, { status: "affected", version: "10.4.1", }, ], }, ], datePublic: "2019-11-08T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.8, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/A:N/C:L/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-09T01:41:07", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1086123", }, { name: "ibm-cognos-cve20194411-info-disc (162658)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162658", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-11-08T00:00:00", ID: "CVE-2019-4411", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, { version_value: "10.4.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1086123", refsource: "CONFIRM", title: "IBM Security Bulletin 1086123 (Cognos Controller)", url: "https://www.ibm.com/support/pages/node/1086123", }, { name: "ibm-cognos-cve20194411-info-disc (162658)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162658", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4411", datePublished: "2019-11-09T01:41:07.777945Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T01:41:59.622Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4176
Vulnerability from cvelistv5
Published
2019-06-17 15:10
Modified
2024-09-16 16:38
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10886913 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158881 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.2.1 Version: 10.2.0 Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.070Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194176-info-disc (158881)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158881", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.2.1", }, { status: "affected", version: "10.2.0", }, { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, ], }, ], datePublic: "2019-06-13T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.6, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/C:L/AC:L/S:U/I:N/UI:N/PR:N/A:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-17T15:10:22", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194176-info-disc (158881)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158881", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-13T00:00:00", ID: "CVE-2019-4176", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.2.1", }, { version_value: "10.2.0", }, { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", refsource: "CONFIRM", title: "IBM Security Bulletin 886913 (Cognos Controller)", url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194176-info-disc (158881)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158881", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4176", datePublished: "2019-06-17T15:10:22.914473Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T16:38:19.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28777
Vulnerability from cvelistv5
Published
2025-02-19 16:04
Modified
2025-02-19 16:24
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183597 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Cognos Controller |
Version: 11.0.0 ≤ 11.0.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28777", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T16:23:49.279960Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T16:24:01.383Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*", versionEndIncluding: "11.0.1:update_pack_3", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { changes: [ { at: "FP3", status: "affected", }, ], lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.</span>\n\n</span>\n\n\n\n\n\n\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n\n\nis vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-19T16:04:19.920Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183597", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller code execution", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-28777", datePublished: "2025-02-19T16:04:19.920Z", dateReserved: "2024-03-10T12:23:11.490Z", dateUpdated: "2025-02-19T16:24:01.383Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4173
Vulnerability from cvelistv5
Published
2019-06-17 15:10
Modified
2024-09-17 00:37
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10886913 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158878 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.2.1 Version: 10.2.0 Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.532Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194173-info-disc (158878)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158878", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.2.1", }, { status: "affected", version: "10.2.0", }, { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, ], }, ], datePublic: "2019-06-13T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 5.7, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/UI:N/PR:L/I:N/S:U/AC:L/C:H/AV:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-17T15:10:22", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194173-info-disc (158878)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158878", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-13T00:00:00", ID: "CVE-2019-4173", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.2.1", }, { version_value: "10.2.0", }, { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data from process memory and obtain sensitive information. IBM X-Force ID: 158878.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "N", C: "H", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", refsource: "CONFIRM", title: "IBM Security Bulletin 886913 (Cognos Controller)", url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194173-info-disc (158878)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158878", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4173", datePublished: "2019-06-17T15:10:22.837762Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T00:37:17.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40696
Vulnerability from cvelistv5
Published
2024-05-03 17:34
Modified
2024-08-02 18:38
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/264939 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-40696", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T16:46:03.502337Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T16:46:19.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T18:38:51.060Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/264939", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T17:34:30.280Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/264939", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-40696", datePublished: "2024-05-03T17:34:30.280Z", dateReserved: "2023-08-18T15:48:17.571Z", dateUpdated: "2024-08-02T18:38:51.060Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4412
Vulnerability from cvelistv5
Published
2019-11-09 01:41
Modified
2024-09-16 17:34
Severity ?
EPSS score ?
Summary
IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1086123 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/162659 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 Version: 10.4.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:38.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/1086123", }, { name: "ibm-cognos-cve20194412-info-disc (162659)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162659", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, { status: "affected", version: "10.4.1", }, ], }, ], datePublic: "2019-11-08T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.2, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/AV:N/S:U/C:L/A:N/UI:N/PR:N/I:N/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-09T01:41:08", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/1086123", }, { name: "ibm-cognos-cve20194412-info-disc (162659)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162659", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-11-08T00:00:00", ID: "CVE-2019-4412", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, { version_value: "10.4.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/1086123", refsource: "CONFIRM", title: "IBM Security Bulletin 1086123 (Cognos Controller)", url: "https://www.ibm.com/support/pages/node/1086123", }, { name: "ibm-cognos-cve20194412-info-disc (162659)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/162659", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4412", datePublished: "2019-11-09T01:41:08.188340Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T17:34:22.668Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4875
Vulnerability from cvelistv5
Published
2022-01-21 17:20
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6509856 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190838 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.0 Version: 10.4.1 Version: 10.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:58.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204875-xxe (190838)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190838", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.0", }, { status: "affected", version: "10.4.1", }, { status: "affected", version: "10.4.2", }, ], }, ], datePublic: "2022-01-20T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/AV:N/AC:L/I:N/PR:L/S:U/A:L/C:H/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-21T17:20:16", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204875-xxe (190838)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190838", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-01-20T00:00:00", ID: "CVE-2020-4875", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.4.0", }, { version_value: "10.4.1", }, { version_value: "10.4.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "H", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6509856", refsource: "CONFIRM", title: "IBM Security Bulletin 6509856 (Cognos Controller)", url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204875-xxe (190838)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190838", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4875", datePublished: "2022-01-21T17:20:17.045232Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T17:28:17.395Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4177
Vulnerability from cvelistv5
Published
2019-06-17 15:10
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10886913 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158882 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.2.1 Version: 10.2.0 Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.505Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194177-info-disc (158882)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158882", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.2.1", }, { status: "affected", version: "10.2.0", }, { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, ], }, ], datePublic: "2019-06-13T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.5, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/PR:N/I:N/A:N/C:L/AV:L/S:U/AC:L/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-17T15:10:22", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194177-info-disc (158882)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158882", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-13T00:00:00", ID: "CVE-2019-4177", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.2.1", }, { version_value: "10.2.0", }, { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", refsource: "CONFIRM", title: "IBM Security Bulletin 886913 (Cognos Controller)", url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194177-info-disc (158882)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158882", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4177", datePublished: "2019-06-17T15:10:22.951547Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T01:16:26.369Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22364
Vulnerability from cvelistv5
Published
2024-05-03 18:14
Modified
2024-08-03 03:14
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/220903 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { lessThanOrEqual: "10.4.2", status: "affected", version: "10.4.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "11.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-22364", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T20:54:09.681072Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:16:32.227Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T03:14:55.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/220903", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-350", description: "CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T18:14:34.420Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/220903", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller security bypass", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22364", datePublished: "2024-05-03T18:14:34.420Z", dateReserved: "2022-01-03T22:29:20.933Z", dateUpdated: "2024-08-03T03:14:55.079Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45081
Vulnerability from cvelistv5
Published
2025-02-19 15:37
Modified
2025-02-19 15:52
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
could allow an authenticated user to modify restricted content due to incorrect authorization checks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183597 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Cognos Controller |
Version: 11.0.0 ≤ 11.0.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45081", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T15:52:11.914980Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T15:52:23.655Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*", versionEndIncluding: "11.0.1:update_pack_3", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { changes: [ { at: "FP3", status: "affected", }, ], lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">could allow an authenticated user to modify restricted content due to incorrect authorization checks.</span>\n\n</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n\n\ncould allow an authenticated user to modify restricted content due to incorrect authorization checks.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-19T15:37:09.745Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183597", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller incorrect authorization", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-45081", datePublished: "2025-02-19T15:37:09.745Z", dateReserved: "2024-08-21T19:11:05.062Z", dateUpdated: "2025-02-19T15:52:23.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20450
Vulnerability from cvelistv5
Published
2024-05-03 16:55
Modified
2024-12-05 20:36
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/196640 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-20450", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T16:47:01.151601Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-565", description: "CWE-565 Reliance on Cookies without Validation and Integrity Checking", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-05T20:36:10.987Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T17:37:24.165Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 196640.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T16:55:57.932Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/196640", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-20450", datePublished: "2024-05-03T16:55:57.932Z", dateReserved: "2020-12-17T19:17:34.736Z", dateUpdated: "2024-12-05T20:36:10.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38724
Vulnerability from cvelistv5
Published
2024-05-03 17:36
Modified
2024-08-02 17:46
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/262183 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.1", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.2", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "11.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-38724", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T16:08:25.260891Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:28:08.894Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.692Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262183", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T17:36:13.659Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262183", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller SQL injection", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-38724", datePublished: "2024-05-03T17:36:13.659Z", dateReserved: "2023-07-25T00:01:06.100Z", dateUpdated: "2024-08-02T17:46:56.692Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4876
Vulnerability from cvelistv5
Published
2022-01-21 17:20
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6509856 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190839 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.0 Version: 10.4.1 Version: 10.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:58.926Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204876-xxe (190839)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190839", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.0", }, { status: "affected", version: "10.4.1", }, { status: "affected", version: "10.4.2", }, ], }, ], datePublic: "2022-01-20T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "LOW", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.2, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:H/A:L/PR:L/S:U/I:N/AC:L/AV:N/UI:N/RC:C/RL:O/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-21T17:20:18", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204876-xxe (190839)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190839", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-01-20T00:00:00", ID: "CVE-2020-4876", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.4.0", }, { version_value: "10.4.1", }, { version_value: "10.4.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "H", I: "N", PR: "L", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6509856", refsource: "CONFIRM", title: "IBM Security Bulletin 6509856 (Cognos Controller)", url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204876-xxe (190839)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190839", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4876", datePublished: "2022-01-21T17:20:18.549849Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T01:16:21.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41776
Vulnerability from cvelistv5
Published
2024-12-03 17:11
Modified
2024-12-03 17:55
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1
is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-41776", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T17:49:29.939096Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T17:55:03.583Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 \n\n\n\n\n\n\n\n\n\n\n\nis vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T17:11:15.554Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller cross-site request forgery", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-41776", datePublished: "2024-12-03T17:11:15.554Z", dateReserved: "2024-07-22T12:02:59.129Z", dateUpdated: "2024-12-03T17:55:03.583Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-39163
Vulnerability from cvelistv5
Published
2025-03-26 13:51
Modified
2025-03-26 15:57
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7192746 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Cognos Controller |
Version: 11.0.0 ≤ 11.0.1 cpe:2.3:a:ibm:controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:controller:11.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-39163", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-26T15:57:09.709843Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-26T15:57:15.282Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:controller:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.", }, ], value: "IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-444", description: "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T13:51:51.469Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7192746", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller HTTP response smuggling", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-39163", datePublished: "2025-03-26T13:51:51.469Z", dateReserved: "2022-09-01T20:20:58.938Z", dateUpdated: "2025-03-26T15:57:15.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28776
Vulnerability from cvelistv5
Published
2025-02-19 16:02
Modified
2025-02-19 16:24
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183597 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Cognos Controller |
Version: 11.0.0 ≤ 11.0.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28776", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T16:24:37.071556Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T16:24:51.799Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*", versionEndIncluding: "11.0.1:update_pack_3", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { changes: [ { at: "FP3", status: "affected", }, ], lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</span>\n\n\n\n\n\n\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 \n\nis vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-19T16:02:08.425Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183597", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller cross-site scripting", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-28776", datePublished: "2025-02-19T16:02:08.425Z", dateReserved: "2024-03-10T12:23:11.490Z", dateUpdated: "2025-02-19T16:24:51.799Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4174
Vulnerability from cvelistv5
Published
2019-06-17 15:10
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10886913 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158879 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.2.1 Version: 10.2.0 Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:38.227Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194174-info-disc (158879)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158879", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.2.1", }, { status: "affected", version: "10.2.0", }, { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, ], }, ], datePublic: "2019-06-13T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.5, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/A:N/I:N/UI:N/PR:N/AC:L/S:U/AV:L/C:L/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-17T15:10:22", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194174-info-disc (158879)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158879", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-06-13T00:00:00", ID: "CVE-2019-4174", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.2.1", }, { version_value: "10.2.0", }, { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "L", AV: "L", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", refsource: "CONFIRM", title: "IBM Security Bulletin 886913 (Cognos Controller)", url: "http://www.ibm.com/support/docview.wss?uid=ibm10886913", }, { name: "ibm-cognos-cve20194174-info-disc (158879)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158879", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4174", datePublished: "2019-06-17T15:10:22.875817Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T17:58:11.800Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28780
Vulnerability from cvelistv5
Published
2025-02-19 15:39
Modified
2025-02-19 15:50
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client
uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183597 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Cognos Controller |
Version: 11.0.0 ≤ 11.0.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28780", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T15:50:23.816647Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T15:50:37.543Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*", versionEndIncluding: "11.0.1:update_pack_3", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { changes: [ { at: "FP3", status: "affected", }, ], lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.</span>\n\n</span>\n\n</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client \n\n\n\n\n\nuses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-19T15:39:38.371Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183597", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-28780", datePublished: "2025-02-19T15:39:38.371Z", dateReserved: "2024-03-10T12:23:24.001Z", dateUpdated: "2025-02-19T15:50:37.543Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40691
Vulnerability from cvelistv5
Published
2024-12-03 16:41
Modified
2024-12-03 19:10
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1
could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40691", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T19:10:20.787413Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T19:10:40.681Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 \n\n<span style=\"background-color: rgb(255, 255, 255);\">could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 \n\ncould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T16:41:37.813Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller file upload", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-40691", datePublished: "2024-12-03T16:41:37.813Z", dateReserved: "2024-07-08T19:31:03.051Z", dateUpdated: "2024-12-03T19:10:40.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28952
Vulnerability from cvelistv5
Published
2024-05-03 17:39
Modified
2024-08-02 13:51
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/251463 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.1", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.2", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "11.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-28952", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T16:03:26.941334Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:28:50.290Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T13:51:38.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/251463", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-117", description: "CWE-117 Improper Output Neutralization for Logs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T17:39:23.634Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/251463", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller log injection", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2023-28952", datePublished: "2024-05-03T17:39:23.634Z", dateReserved: "2023-03-29T01:33:55.065Z", dateUpdated: "2024-08-02T13:51:38.963Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-4171
Vulnerability from cvelistv5
Published
2019-09-17 19:05
Modified
2024-09-17 01:41
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/158876 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 Version: 10.4.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:33:37.581Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", }, { name: "ibm-cognos-cve20194171-info-disc (158876)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158876", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, { status: "affected", version: "10.4.1", }, ], }, ], datePublic: "2019-09-09T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 3.2, temporalSeverity: "LOW", userInteraction: "NONE", vectorString: "CVSS:3.0/UI:N/A:N/AC:H/S:U/AV:N/C:L/I:N/PR:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Obtain Information", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-17T19:05:23", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", }, { name: "ibm-cognos-cve20194171-info-disc (158876)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158876", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2019-09-09T00:00:00", ID: "CVE-2019-4171", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, { version_value: "10.4.1", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876.", }, ], }, impact: { cvssv3: { BM: { A: "N", AC: "H", AV: "N", C: "L", I: "N", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Obtain Information", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", refsource: "CONFIRM", title: "IBM Security Bulletin 1072744 (Cognos Controller)", url: "https://www.ibm.com/support/pages/security-bulletin-security-vulnerabilties-exist-ibm-cognos-controller", }, { name: "ibm-cognos-cve20194171-info-disc (158876)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/158876", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2019-4171", datePublished: "2019-09-17T19:05:23.715553Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T01:41:47.225Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25036
Vulnerability from cvelistv5
Published
2024-12-03 16:44
Modified
2024-12-03 19:09
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1
could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-25036", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T19:09:04.616115Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T19:09:42.192Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.</span>\n\n</span>\n\n</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 \n\n\n\n\n\ncould allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-288", description: "CWE-288 Authentication Bypass Using an Alternate Path or Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T16:44:55.741Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller authentication bypass", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-25036", datePublished: "2024-12-03T16:44:55.741Z", dateReserved: "2024-02-03T14:49:24.713Z", dateUpdated: "2024-12-03T19:09:42.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52902
Vulnerability from cvelistv5
Published
2025-02-19 14:50
Modified
2025-02-19 15:26
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7183597 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Cognos Controller |
Version: 11.0.0 ≤ 11.0.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-52902", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-19T15:25:58.534638Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-19T15:26:06.517Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { changes: [ { at: "FP3", status: "unaffected", }, ], lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, { cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:cognos_controller:*:*:*:*:*:*:*:*", versionEndIncluding: "11.0.1:update_pack_3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.</span>", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-798", description: "CWE-798 Use of Hard-coded Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-19T14:50:24.376Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7183597", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-52902", datePublished: "2025-02-19T14:50:24.376Z", dateReserved: "2024-11-17T14:25:57.179Z", dateUpdated: "2025-02-19T15:26:06.517Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20455
Vulnerability from cvelistv5
Published
2025-01-07 16:04
Modified
2025-01-07 16:58
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Controller |
Version: 11.1.0 cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-20455", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T16:58:35.972262Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-07T16:58:53.303Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T16:04:37.010Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7179163", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-20455", datePublished: "2025-01-07T16:04:37.010Z", dateReserved: "2020-12-17T19:17:34.738Z", dateUpdated: "2025-01-07T16:58:53.303Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20556
Vulnerability from cvelistv5
Published
2024-05-03 17:31
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/199181 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.1", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "10.4.2", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cognos_controller", vendor: "ibm", versions: [ { status: "affected", version: "11.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2021-20556", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T15:50:40.743794Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:12:41.944Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T17:45:44.323Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199181", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-204", description: "CWE-204 Response Discrepancy Information Exposure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T17:31:31.243Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199181", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2021-20556", datePublished: "2024-05-03T17:31:31.243Z", dateReserved: "2020-12-17T19:17:34.773Z", dateUpdated: "2024-08-03T17:45:44.323Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28778
Vulnerability from cvelistv5
Published
2025-01-07 15:57
Modified
2025-01-07 16:47
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Controller |
Version: 11.1.0 cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28778", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T16:47:08.512733Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-07T16:47:18.576Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-798", description: "CWE-798 Use of Hard-coded Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T15:57:13.969Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7179163", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-28778", datePublished: "2025-01-07T15:57:13.969Z", dateReserved: "2024-03-10T12:23:11.490Z", dateUpdated: "2025-01-07T16:47:18.576Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4879
Vulnerability from cvelistv5
Published
2022-01-21 17:20
Modified
2024-09-16 17:23
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6509856 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190847 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.0 Version: 10.4.1 Version: 10.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:58.828Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204879-priv-escalation (190847)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190847", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.0", }, { status: "affected", version: "10.4.1", }, { status: "affected", version: "10.4.2", }, ], }, ], datePublic: "2022-01-20T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/C:L/A:L/S:U/PR:N/I:L/AC:L/AV:N/UI:N/E:U/RL:O/RC:C", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-21T17:20:21", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204879-priv-escalation (190847)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190847", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-01-20T00:00:00", ID: "CVE-2020-4879", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.4.0", }, { version_value: "10.4.1", }, { version_value: "10.4.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "L", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6509856", refsource: "CONFIRM", title: "IBM Security Bulletin 6509856 (Cognos Controller)", url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204879-priv-escalation (190847)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190847", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4879", datePublished: "2022-01-21T17:20:21.768568Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T17:23:10.228Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25020
Vulnerability from cvelistv5
Published
2024-12-03 17:12
Modified
2024-12-03 17:55
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1
is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-25020", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T17:49:35.788558Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T17:55:03.716Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 \n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks.</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 \n\n\n\n\n\n\n\n\n\n\n\n\n\nis vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T17:12:31.430Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller file upload", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-25020", datePublished: "2024-12-03T17:12:31.430Z", dateReserved: "2024-02-03T14:48:56.577Z", dateUpdated: "2024-12-03T17:55:03.716Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22363
Vulnerability from cvelistv5
Published
2025-01-07 16:07
Modified
2025-01-07 16:58
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Controller |
Version: 11.1.0 cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-22363", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T16:58:05.297251Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-07T16:58:21.218Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T16:07:00.578Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7179163", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2022-22363", datePublished: "2025-01-07T16:07:00.578Z", dateReserved: "2022-01-03T22:29:20.933Z", dateUpdated: "2025-01-07T16:58:21.218Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4874
Vulnerability from cvelistv5
Published
2024-05-03 16:47
Modified
2024-08-04 08:14
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7149876 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190837 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.1, 10.4.2, 11.0.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2020-4874", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-03T19:17:22.396389Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:12:31.072Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.004Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190837", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.1, 10.4.2, 11.0.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.", }, ], value: "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T16:47:19.927Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.ibm.com/support/pages/node/7149876", }, { tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190837", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4874", datePublished: "2024-05-03T16:47:19.927Z", dateReserved: "2019-12-30T00:00:00.000Z", dateUpdated: "2024-08-04T08:14:59.004Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40702
Vulnerability from cvelistv5
Published
2025-01-07 16:02
Modified
2025-01-07 16:59
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | Controller |
Version: 11.1.0 cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40702", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T16:59:15.610169Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-07T16:59:26.656Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:controller:11.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.1.0", }, ], }, { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { lessThanOrEqual: "11.0.1", status: "affected", version: "11.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.", }, ], value: "IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T16:02:36.236Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7179163", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller improper certificate validation", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-40702", datePublished: "2025-01-07T16:02:36.236Z", dateReserved: "2024-07-08T19:31:12.238Z", dateUpdated: "2025-01-07T16:59:26.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4877
Vulnerability from cvelistv5
Published
2022-01-21 17:20
Modified
2024-09-17 00:11
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6509856 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190843 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.4.0 Version: 10.4.1 Version: 10.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:59.073Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204877-priv-escalation (190843)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190843", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.4.0", }, { status: "affected", version: "10.4.1", }, { status: "affected", version: "10.4.2", }, ], }, ], datePublic: "2022-01-20T00:00:00", descriptions: [ { lang: "en", value: "IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", exploitCodeMaturity: "UNPROVEN", integrityImpact: "LOW", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 6.4, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.0/I:L/UI:N/AV:N/AC:L/A:L/C:L/S:U/PR:N/RC:C/E:U/RL:O", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-21T17:20:20", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204877-priv-escalation (190843)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190843", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2022-01-20T00:00:00", ID: "CVE-2020-4877", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.4.0", }, { version_value: "10.4.1", }, { version_value: "10.4.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.", }, ], }, impact: { cvssv3: { BM: { A: "L", AC: "L", AV: "N", C: "L", I: "L", PR: "N", S: "U", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6509856", refsource: "CONFIRM", title: "IBM Security Bulletin 6509856 (Cognos Controller)", url: "https://www.ibm.com/support/pages/node/6509856", }, { name: "ibm-cognos-cve20204877-priv-escalation (190843)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/190843", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4877", datePublished: "2022-01-21T17:20:20.280563Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-17T00:11:58.096Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-4685
Vulnerability from cvelistv5
Published
2020-11-11 12:55
Modified
2024-09-16 23:50
Severity ?
EPSS score ?
Summary
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6339995 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/186625 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 10.3.1 Version: 10.3.0 Version: 10.4.0 Version: 10.4.1 Version: 10.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:14:58.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ibm.com/support/pages/node/6339995", }, { name: "ibm-cognos-cve20204685-priv-escalation (186625)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "10.3.1", }, { status: "affected", version: "10.3.0", }, { status: "affected", version: "10.4.0", }, { status: "affected", version: "10.4.1", }, { status: "affected", version: "10.4.2", }, ], }, ], datePublic: "2020-11-10T00:00:00", descriptions: [ { lang: "en", value: "A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitCodeMaturity: "UNPROVEN", integrityImpact: "HIGH", privilegesRequired: "HIGH", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "CHANGED", temporalScore: 7, temporalSeverity: "HIGH", userInteraction: "NONE", vectorString: "CVSS:3.0/S:C/I:H/C:H/AC:H/A:H/PR:H/UI:N/AV:N/RL:O/RC:C/E:U", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Gain Privileges", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-11T12:55:13", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ibm.com/support/pages/node/6339995", }, { name: "ibm-cognos-cve20204685-priv-escalation (186625)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186625", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", DATE_PUBLIC: "2020-11-10T00:00:00", ID: "CVE-2020-4685", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cognos Controller", version: { version_data: [ { version_value: "10.3.1", }, { version_value: "10.3.0", }, { version_value: "10.4.0", }, { version_value: "10.4.1", }, { version_value: "10.4.2", }, ], }, }, ], }, vendor_name: "IBM", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.", }, ], }, impact: { cvssv3: { BM: { A: "H", AC: "H", AV: "N", C: "H", I: "H", PR: "H", S: "C", UI: "N", }, TM: { E: "U", RC: "C", RL: "O", }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Gain Privileges", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ibm.com/support/pages/node/6339995", refsource: "CONFIRM", title: "IBM Security Bulletin 6339995 (Cognos Controller)", url: "https://www.ibm.com/support/pages/node/6339995", }, { name: "ibm-cognos-cve20204685-priv-escalation (186625)", refsource: "XF", title: "X-Force Vulnerability Report", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/186625", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2020-4685", datePublished: "2020-11-11T12:55:14.029311Z", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-09-16T23:50:55.144Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41775
Vulnerability from cvelistv5
Published
2024-12-03 17:13
Modified
2024-12-03 17:55
Severity ?
EPSS score ?
Summary
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Cognos Controller |
Version: 11.0.0, 11.0.1 cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-41775", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-03T17:49:42.591365Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T17:55:03.866Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Cognos Controller", vendor: "IBM", versions: [ { status: "affected", version: "11.0.0, 11.0.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.</span>", }, ], value: "IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-327", description: "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T17:13:32.948Z", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { url: "https://www.ibm.com/support/pages/node/7177220", }, ], source: { discovery: "UNKNOWN", }, title: "IBM Cognos Controller information disclosure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2024-41775", datePublished: "2024-12-03T17:13:32.948Z", dateReserved: "2024-07-22T12:02:59.129Z", dateUpdated: "2024-12-03T17:55:03.866Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-201503-0055
Vulnerability from variot
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04626468
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04626468 Version: 1
HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-04-06 Last Updated: 2015-04-06
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).
References:
CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 SSRT102007
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP IceWall MCRP version 2.1, 2.1 SP1, 2.1 SP2, and 3.0 HP IceWall SSO Dfw version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and 10.0 HP IceWall SSO Agent version 8.0 and 8.0 2007 Update Release 2
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software updates or workarounds to resolve the vulnerabilities for HP IceWall SSO MCRP, SSO Dfw, and SSO Agent.
Workaround for HP IceWall SSO MCRP:
- If possible, do not use the CLIENT_CERT and CLIENT_CERTKEY settings in
the host configuration file. Not setting these will prevent MCRP from using those client certificates for communicating with the back-end web servers.
- If the CLIENT_CERT and CLIENT_CERTKEY settings must be used, then there
is no workaround other than applying a vendor patch for OpenSSL for these vulnerabilities.
Workaround for HP IceWall SSO Dfw and SSO Agent:
- If possible, do not use client certificates for SSL communication
between the client and server which are running HP IceWall SSO Dfw or SSO Agent.
- If client certificates for SSL communication between the client and
server must be used, then there is no workaround other than applying a vendor patch for OpenSSL for these vulnerabilities.
Software updates to resolve the vulnerabilities for OpenSSL:
-
IceWall SSO Dfw 10.0 running on RHEL could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please switch to the OpenSSL library bundled with the OS, and then follow the instructions in step 3.
Documents are available at the following location with instructions to switch to the OS bundled OpenSSL library:
http://www.hp.com/jp/icewall_patchaccess
- For IceWall SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3 which bundle OpenSSL, please download the updated OpenSSL at the following location:
http://www.hp.com/jp/icewall_patchaccess
- For IceWall products running on HP-UX which are using the OS bundled OpenSSL, please apply the HP-UX OpenSSL update for openssl-0.9.8zf when it is available from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?product Number=OPENSSL11I
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 6 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. OpenSSL Security Advisory [19 Mar 2015] =======================================
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
Severity: High
If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.
This issue was was reported to OpenSSL on 26th February 2015 by David Ramos of Stanford University. The fix was developed by Stephen Henson and Matt Caswell of the OpenSSL development team.
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: High
This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high".
This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.
Multiblock corrupted pointer (CVE-2015-0290)
Severity: Moderate
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.
This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in DTLSv1_listen (CVE-2015-0207)
Severity: Moderate
The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server.
This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.
Segmentation fault for invalid PSS parameters (CVE-2015-0208)
Severity: Moderate
The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a
This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.
Base64 decode (CVE-2015-0292)
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base 64 data could trigger a segmenation fault or memory corruption.
OpenSSL 1.0.1 users should upgrade to 1.0.1h. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 0.9.8 users should upgrade to 0.9.8za. This issue was originally reported by Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team) in March 2015 and the fix was developed by Emilia Käsper.
Empty CKE with client auth and DHE (CVE-2015-1787)
Severity: Moderate
If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Handshake with unseeded PRNG (CVE-2015-0285)
Severity: Low
Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.
For example using the following command with an unseeded openssl will succeed on an unpatched platform:
openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/
Package : openssl Date : March 27, 2015 Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities has been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-09-16-1 iOS 9
iOS 9 is now available and addresses the following:
Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. CVE-ID CVE-2015-5916
AppleKeyStore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to reset failed passcode attempts with an iOS backup Description: An issue existed in resetting failed passcode attempts with a backup of the iOS device. This was addressed through improved passcode failure logic. CVE-ID CVE-2015-5850 : an anonymous researcher
Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Clicking a malicious ITMS link may lead to a denial of service in an enterprise-signed application Description: An issue existed with installation through ITMS links. This was addressed through additional installation verification. CVE-ID CVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.
Audio Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT204132.
CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may read cache data from Apple apps Description: Cache data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the cache data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5898 : Andreas Kurtz of NESO Security Labs
CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to create unintended cookies for a website Description: WebKit would accept multiple cookies to be set in the document.cookie API. This issue was addressed through improved parsing. CVE-ID CVE-2015-3801 : Erling Ellingsen of Facebook
CFNetwork FTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in FTP packet handling if clients were using an FTP proxy. CVE-ID CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted URL may be able to bypass HTTP Strict Transport Security (HSTS) and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.
CoreAnimation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: Applications could access the screen framebuffer while they were in the background. This issue was addressed with improved access control on IOSurfaces. CVE-ID CVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li of School of Information Systems Singapore Management University, Feng Bao and Jianying Zhou of Cryptography and Security Department Institute for Infocomm Research
CoreCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.
CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Data Detectors Engine Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: Memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)
Dev Tools Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash
dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team
Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco
Game Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser
ICU Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2015-1205
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5848 : Filippo Bigarella
IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5867 : moony li of Trend Micro
IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5844 : Filippo Bigarella CVE-2015-5845 : Filippo Bigarella CVE-2015-5846 : Filippo Bigarella
IOMobileFrameBuffer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOMobileFrameBuffer. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5843 : Filippo Bigarella
IOStorageFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive
iTunes Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: AppleID credentials may persist in the keychain after sign out Description: An issue existed in keychain deletion. This issue was addressed through improved account cleanup. CVE-ID CVE-2015-5832 : Kasif Dekel from Check Point Software Technologies
JavaScriptCore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5791 : Apple CVE-2015-5793 : Apple CVE-2015-5814 : Apple CVE-2015-5816 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. This was addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through added entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming- chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issues was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in XNU that led to the disclosure of kernel memory. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: An issue existed in HFS drive mounting. This was addressed by additional validation checks. CVE-ID CVE-2015-5748 : Maxime Villard of m00nbsd
libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation
libpthread Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
Mail Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker can send an email that appears to come from a contact in the recipient's address book Description: An issue existed in the handling of the sender's address. This issue was addressed through improved validation. CVE-ID CVE-2015-5857 : Emre Saglam of salesforce.com
Multipeer Connectivity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd
OpenSSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287
PluginKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise application can install extensions before the application has been trusted Description: An issue existed in the validation of extensions during installation. This was addressed through improved app verification. CVE-ID CVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.
removefile Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read Safari bookmarks on a locked iOS device without a passcode Description: Safari bookmark data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the Safari bookmark data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5903 : Jonathan Zdziarski
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue may have allowed a website to display content with a URL from a different website. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Navigating to a malicious website with a malformed window opener may have allowed the display of arbitrary URLs. This issue was addressed through improved handling of window openers. CVE-ID CVE-2015-5905 : Keita Haga of keitahaga.com
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates. CVE-ID CVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut of Whatever s.a.
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface inconsistencies may have allowed a malicious website to display an arbitrary URL. These issues were addressed through improved URL display logic. CVE-ID CVE-2015-5764 : Antonio Sanso (@asanso) of Adobe CVE-2015-5765 : Ron Masas CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa
Safari Safe Browsing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Navigating to the IP address of a known malicious website may not trigger a security warning Description: Safari's Safe Browsing feature did not warn users when visiting known malicious websites by their IP addresses. The issue was addressed through improved malicious site detection. Rahul M of TagsDoc
Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious app may be able to intercept communication between apps Description: An issue existed that allowed a malicious app to intercept URL scheme communication between apps. This was mitigated by displaying a dialog when a URL scheme is used for the first time. CVE-ID CVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University
Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: When a request was made to Siri, client side restrictions were not being checked by the server. This issue was addressed through improved restriction checking. CVE-ID CVE-2015-5892 : Robert S Mozayeni, Joshua Donvito
SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device can reply to an audio message from the lock screen when message previews from the lock screen are disabled Description: A lock screen issue allowed users to reply to audio messages when message previews were disabled. This issue was addressed through improved state management. CVE-ID CVE-2015-5861 : Daniel Miedema of Meridian Apps
SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to spoof another application's dialog windows Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-ID CVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. Lui
SQLite Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-5895
tidy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in Tidy. This issues was addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Object references may be leaked between isolated origins on custom events, message events and pop state events Description: An object leak issue broke the isolation boundary between origins. This issue was addressed through improved isolation between origins. CVE-ID CVE-2015-5827 : Gildas
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5792 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to unintended dialing Description: An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5820 : Andrei Neculaesei, Guillaume Ross
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: QuickType may learn the last character of a password in a filled-in web form Description: An issue existed in WebKit's handling of password input context. This issue was addressed through improved input context handling. CVE-ID CVE-2015-5906 : Louis Romero of Google Inc.
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to redirect to a malicious domain Description: An issue existed in the handling of resource caches on sites with invalid certificates. The issue was addressed by rejecting the application cache of domains with invalid certificates. CVE-ID CVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: Safari allowed cross-origin stylesheets to be loaded with non-CSS MIME types which could be used for cross-origin data exfiltration. This issue was addressed by limiting MIME types for cross-origin stylesheets. CVE-ID CVE-2015-5826 : filedescriptor, Chris Evans
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: The Performance API may allow a malicious website to leak browsing history, network activity, and mouse movements Description: WebKit's Performance API could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time. This issue was addressed by limiting time resolution. CVE-ID CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network Security Lab
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An issue existed with Content-Disposition headers containing type attachment. This issue was addressed by disallowing some functionality for type attachment pages. CVE-ID CVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat Research Team, Daoyuan Wu of Singapore Management University, Rocky K. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz, superhei of www.knownsec.com
WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A cross-origin issue existed with "canvas" element images in WebKit. This was addressed through improved tracking of security origins. CVE-ID CVE-2015-5788 : Apple
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: WebSockets may bypass mixed content policy enforcement Description: An insufficient policy enforcement issue allowed WebSockets to load mixed content. This issue was addressed by extending mixed content policy enforcement to WebSockets. Kevin G Jones of Higher Logic
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "9".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU +bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG UYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2 3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM RgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28 Hk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+ 0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD WrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA aW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS 81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST yq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT rHWi1bvzskkrxRfuQ4mX =MnPh -----END PGP SIGNATURE----- .
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0715-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0715.html Issue date: 2015-03-23 CVE Names: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. (CVE-2015-0286)
An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)
A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)
An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. (CVE-2015-0289)
Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.7.src.rpm
i386: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-perl-1.0.1e-30.el6_6.7.i686.rpm openssl-static-1.0.1e-30.el6_6.7.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.7.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.7.src.rpm
i386: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.7.ppc.rpm openssl-1.0.1e-30.el6_6.7.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.7.ppc.rpm openssl-devel-1.0.1e-30.el6_6.7.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.7.s390.rpm openssl-1.0.1e-30.el6_6.7.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm openssl-devel-1.0.1e-30.el6_6.7.s390.rpm openssl-devel-1.0.1e-30.el6_6.7.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-perl-1.0.1e-30.el6_6.7.i686.rpm openssl-static-1.0.1e-30.el6_6.7.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.7.ppc64.rpm openssl-static-1.0.1e-30.el6_6.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm openssl-perl-1.0.1e-30.el6_6.7.s390x.rpm openssl-static-1.0.1e-30.el6_6.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.7.src.rpm
i386: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-perl-1.0.1e-30.el6_6.7.i686.rpm openssl-static-1.0.1e-30.el6_6.7.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0209 https://access.redhat.com/security/cve/CVE-2015-0286 https://access.redhat.com/security/cve/CVE-2015-0287 https://access.redhat.com/security/cve/CVE-2015-0288 https://access.redhat.com/security/cve/CVE-2015-0289 https://access.redhat.com/security/cve/CVE-2015-0292 https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150319.txt https://access.redhat.com/articles/1384453
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVEJ3JXlSAg2UNWIIRAsnPAJsFc2cGj1Hg8zbtE3wCCEj2hRaLaQCfaVRX z2xamw9PEJVbuKTXaQeLRmQ= =ZkF+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) o Removed the export ciphers from the DEFAULT ciphers For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz 706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz 2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz 0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz 54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Slackware 14.1 packages: c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz 25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Slackware -current packages: 0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz
Slackware x86_64 -current packages: 99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz 9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following:
Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec
Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. CVE-ID CVE-2015-3672 : Emil Kvarnhammar at TrueSec
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may abuse Directory Utility to gain root privileges Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group
apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple
coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca
EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero
Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative
ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. CVE-ID CVE-2013-1741
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack
Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. CVE-ID
CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0055", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "communications policy management", scope: "eq", trust: 1.1, vendor: "oracle", version: "9.9.1", }, { model: "communications policy management", scope: "eq", trust: 1.1, vendor: "oracle", version: "9.7.3", }, { model: "communications policy management", scope: "eq", trust: 1.1, vendor: "oracle", version: "10.4.1", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0o", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1k", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0p", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0q", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "lte", trust: 1, vendor: "openssl", version: "0.9.8ze", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.2", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "0.9.8 thats all 0.9.8zf", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.0 thats all 1.0.0r", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.1 thats all 1.0.1m", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.2 thats all 1.0.2a", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10 to 10.10.3 (ht204942)", }, { model: "mac os x", scope: "lt", trust: 0.8, vendor: "apple", version: "10.6.8 or later 10.11 (ht205267)", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9 (ipad 2 or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9 (iphone 4s or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9 (ipod touch first 5 after generation )", }, { model: "mysql", scope: "lte", trust: 0.8, vendor: "oracle", version: "5.6.25", }, { model: "mysql", scope: "lte", trust: 0.8, vendor: "oracle", version: "enterprise monitor 2.3.20", }, { model: "mysql", scope: "lte", trust: 0.8, vendor: "oracle", version: "enterprise monitor 3.0.22", }, { model: "communications applications", scope: "lte", trust: 0.8, vendor: "oracle", version: "of oracle enterprise session border controller ecz7.3m1p4", }, { model: "communications policy management", scope: "lte", trust: 0.8, vendor: "oracle", version: "12.1.1", }, { model: "enterprise manager", scope: "lt", trust: 0.8, vendor: "oracle", version: "ops center 12.1.4", }, { model: "enterprise manager", scope: "eq", trust: 0.8, vendor: "oracle", version: "ops center 12.2.0", }, { model: "enterprise manager", scope: "eq", trust: 0.8, vendor: "oracle", version: "ops center 12.2.1", }, { model: "enterprise manager", scope: "eq", trust: 0.8, vendor: "oracle", version: "ops center 12.3.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle business intelligence enterprise edition 11.1.1.7", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle business intelligence enterprise edition 11.1.1.9", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.4.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.5.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.6.1.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle exalogic infrastructure 2.0.6.2", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle tuxedo tuxedo 12.1.1.0", }, { model: "peoplesoft products", scope: "eq", trust: 0.8, vendor: "oracle", version: "of peoplesoft enterprise peopletools 8.53", }, { model: "peoplesoft products", scope: "eq", trust: 0.8, vendor: "oracle", version: "of peoplesoft enterprise peopletools 8.54", }, { model: "secure backup", scope: "lt", trust: 0.8, vendor: "oracle", version: "10.4.0.4.0", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.63", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.71", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 5.1", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 5.2", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "2.1", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "2.1 sp1", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "2.1 sp2", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "3.0", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "agent 8.0", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "agent 8.0 2007 update release 2", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 10.0", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r1", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r2", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r3", }, { model: "csview", scope: "eq", trust: 0.8, vendor: "nec", version: "/web questionnaire", }, { model: "enterprisedirectoryserver", scope: "eq", trust: 0.8, vendor: "nec", version: "ver6.0 to ver8.0", }, { model: "enterpriseidentitymanager", scope: "eq", trust: 0.8, vendor: "nec", version: "ver2.0 to 8.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "/sg series intersecvm/sg v1.2", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v3.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v3.1", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v4.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "/sg series sg3600lm/lg/lj v6.1", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v6.2", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v7.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v7.1", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v8.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "/sg series univerge sg3000lg/lj", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "/sigmablade em card (n8405-019/019a/043) firmware rev.14.02 before", }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "hs series", }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "nv7400/nv5400/nv3400 series", }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "nv7500/nv5500/nv3500 series", }, { model: "ix2000 series", scope: "eq", trust: 0.8, vendor: "nec", version: "ver.8.7.22 all subsequent", }, { model: "ix3000 series", scope: "eq", trust: 0.8, vendor: "nec", version: "ver.8.7.22 all subsequent", }, { model: "secureware/pki application development kit", scope: "eq", trust: 0.8, vendor: "nec", version: "ver3.0", }, { model: "secureware/pki application development kit", scope: "eq", trust: 0.8, vendor: "nec", version: "ver3.01", }, { model: "secureware/pki application development kit", scope: "eq", trust: 0.8, vendor: "nec", version: "ver3.02", }, { model: "secureware/pki application development kit", scope: "eq", trust: 0.8, vendor: "nec", version: "ver3.1", }, { model: "systemdirector enterprise", scope: "eq", trust: 0.8, vendor: "nec", version: "for java ( all models ) v5.1 to v7.2", }, { model: "univerge", scope: "eq", trust: 0.8, vendor: "nec", version: "3c cmm", }, { model: "univerge", scope: "eq", trust: 0.8, vendor: "nec", version: "3c ucm v8.5.4 before", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "enterprise edition v4.2 to v6.5", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "standard edition v4.2 to v6.5", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "standard-j edition v4.1 to v6.5", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "uddi registry v1.1 to v7.1", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "web edition v4.1 to v6.5", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "enterprise edition v7.1", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "enterprise v8.2 to v9.2", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "express v8.2 to v9.2", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "foundation v8.2 to v8.5", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard edition v7.1", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard v8.2 to v9.2", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard-j edition v7.1 to v8.1", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "web edition v7.1 to v8.1", }, { model: "webotx enterprise service bus", scope: "eq", trust: 0.8, vendor: "nec", version: "v6.4 to v9.2", }, { model: "webotx portal", scope: "eq", trust: 0.8, vendor: "nec", version: "v8.2 to v9.1", }, { model: "webotx sip application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard edition v7.1 to v8.1", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator agent ver3.3 to ver4.1", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator manager ver3.2.2 to ver4.1", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator probe option ver3.1.0.x to ver4.1.0.x", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "jobcenter r14.1", }, { model: "system management homepage", scope: "ne", trust: 0.6, vendor: "hp", version: "7.5", }, { model: "system management homepage", scope: "eq", trust: 0.6, vendor: "hp", version: "7.4", }, { model: "hp-ux b.11.23 (11i", scope: "eq", trust: 0.3, vendor: "hp", version: "v2)", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "netezza platform software 7.0.4.8-p2", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.60", }, { model: "informix genero", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.32", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.1", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "security network controller 1.0.3361m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "algo one ase", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7", }, { model: "system networking rackswitch g8124e", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.11.4.0", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "gb esm ethernet switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "1/107.4.11.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "virtual fabric 10gb switch module for bladecenter", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.8.20.0", }, { model: "icewall mcrp sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.211", }, { model: "project openssl 0.9.8f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "pureapplication system interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "2.0.0.1", }, { model: "sbr carrier", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "i operating system", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.12", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "virtual fabric 10gb switch module for bladecenter", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.6.0", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "netezza platform software 7.0.4.7-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "informix genero", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.41", }, { model: "project openssl beta3", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.20", }, { model: "project openssl 0.9.8u", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "insight orchestration", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "project openssl b", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.2", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.6", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.1", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7", }, { model: "version control agent", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "worklight foundation consumer edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.20", }, { model: "cms", scope: "eq", trust: 0.3, vendor: "avaya", version: "17.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.2", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.2", }, { model: "abyp-4tl-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "rational tau", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.35", }, { model: "communications session border controller scz7.4.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.15", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.2.0", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1209", }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.24", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.4", }, { model: "project openssl 1.0.2a", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.4", }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.16", }, { model: "netezza platform software 7.2.0.4-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.16", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "tivoli netcool/reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.3", }, { model: "vios fp-25 sp-02", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.3", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.6.1.0.0", }, { model: "system networking rackswitch g8124", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.11.4.0", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.3361", }, { model: "sterling integrator", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.10", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.1", }, { model: "netezza platform software 7.0.2.16-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0-68", }, { model: "worklight foundation enterprise edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.20", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.842", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "ios", scope: "ne", trust: 0.3, vendor: "apple", version: "9", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.1", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2-77", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.3", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.17", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "system networking rackswitch g8332", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.7.20.0", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.1.0", }, { model: "project openssl 1.0.1m", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.4", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.3.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.1", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "5.0", }, { model: "project openssl 1.0.0r", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.6.0", }, { model: "flashsystem 9843-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "840", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.27", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.11", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.27", }, { model: "sterling connect:express for unix ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11150-11", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.8", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "g8264cs si fabric image", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.1.1", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "flex system cn4093 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "2.0", }, { model: "ds8870", scope: "eq", trust: 0.3, vendor: "ibm", version: "87.41.32.0", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "qlogic 8gb intelligent pass-thru module & san switch module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.10.1.31.00", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.1", }, { model: "gb esm ethernet switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "1/107.4.10.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.96", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "sterling connect:enterprise for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.5.0.0", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.0.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.23", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.5", }, { model: "flex system cn4093 10gb scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.11.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.1", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.2", }, { model: "qradar security information and event manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.4", }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.17", }, { model: "netezza platform software 7.0.2.15-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "initiate master data service patient hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6.156", }, { model: "ds8700", scope: "eq", trust: 0.3, vendor: "ibm", version: "87.31.16.0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.913", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.13", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "sdk for node.js", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.1.0.13", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1.1", }, { model: "infosphere guardium database activity monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "infosphere master data management patient hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10", }, { model: "sametime unified telephony", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.10", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12", }, { model: "qradar security information and event manager patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.43", }, { model: "flex system en4023 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "flex system fc5022 16gb san scalable switch 7.2.1c", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "virtual fabric 10gb switch module for bladecenter", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.8.21.0", }, { model: "mobilefirst platform foundation", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.0.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.211", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "system networking rackswitch g8124e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.11.3.0", }, { model: "cognos controller if4", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.10", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.9", }, { model: "communications session border controller scz7.3.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.7", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "sterling connect:enterprise for unix ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.4.4.03", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.7", }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.21", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.0.3", }, { model: "algo one pcre", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7", }, { model: "aspera ondemand", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.16", }, { model: "qradar security information and event manager patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.42", }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bundle of g8264cs image", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.2", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "abyp-2t-1s-1l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "project openssl beta1", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "rational tau", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.36", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.5.3", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.1", }, { model: "security network controller 1.0.3350m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cognos metrics manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "aspera connect server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.4", }, { model: "netezza platform software 7.2.0.4-p2", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "icewall sso agent option", scope: "eq", trust: 0.3, vendor: "hp", version: "8.02007", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.11", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "project openssl beta4", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "websphere mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "sterling connect:enterprise for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.4.4.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.213", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "infinity", scope: "ne", trust: 0.3, vendor: "pexip", version: "9.0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1", }, { model: "tssc/imc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.20", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "project openssl beta5", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.0", }, { model: "rational tau", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.34", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "abyp-2t-1s-1l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system networking rackswitch g8124", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.9.13.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "system networking rackswitch g8052", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.9.14.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.68", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "13.2", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.9", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2", }, { model: "abyp-10g-2sr-2lr-1-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "security network protection", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.102", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.6", }, { model: "system networking rackswitch g8124", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.11.3.0", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.4", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "8.0", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "si4093 si fabric", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.11.0", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15-210", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.01", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.4", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "abyp-2t-2s-0l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "security proventia network enterprise scanner", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5.0", }, { model: "powerkvm", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "sterling connect:enterprise for unix ifix03", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.5.0.3", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3.1", }, { model: "aspera connect server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.08", }, { model: "worklight consumer edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.9.1", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0-103", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12.201", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.95", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.06", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.3", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "1.0", }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.15", }, { model: "cognos controller fp3 if2", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.4", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.8.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "flex system fabric si4093 system interconnect module", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.11.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0-95", }, { model: "security network controller 1.0.3379m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.7", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.6", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.19", }, { model: "openscape voice r1.43.1", scope: "ne", trust: 0.3, vendor: "unify", version: "v7", }, { model: "abyp-0t-4s-0l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "algo one aggregation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.9", }, { model: "project openssl 0.9.8m beta1", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.0.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "hp-ux b.11.11 (11i", scope: "eq", trust: 0.3, vendor: "hp", version: "v1)", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.2", }, { model: "abyp-4ts-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.15", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.45", }, { model: "sterling connect:enterprise for unix ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "2.5.0.38", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.07", }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "sterling connect:express for unix ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.5.0.11150-11", }, { model: "security privileged identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1.1", }, { model: "flex system fc5022 16gb san scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7.4", }, { model: "infosphere master data management provider hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "algo one ase", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.9", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.1", }, { model: "abyp-10g-4lr-1-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "abyp-10g-4lr-1-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "qradar security information and event manager patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.44", }, { model: "netezza platform software 7.0.4.8-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2.127", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.1", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.10", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.02", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.9", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "sterling connect:express for unix ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.4.6.1146-109", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "ds8800", scope: "eq", trust: 0.3, vendor: "ibm", version: "86.31.123.0", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.07", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.1.0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "netezza platform software 7.1.0.4-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "openscape voice r1", scope: "eq", trust: 0.3, vendor: "unify", version: "v7", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.1", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1768", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.5", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "algo one mag", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7", }, { model: "abyp-0t-0s-4l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.11", }, { model: "flex system fabric si4093 system interconnect module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aspera proxy", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.2.2", }, { model: "abyp-4t-0s-0l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1-73", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "aspera connect server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.1", }, { model: "algo audit and compliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.5", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.5", }, { model: "worklight enterprise edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.0", }, { model: "cognos insight", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.2.4", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.9", }, { model: "tivoli provisioning manager for images", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.0", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.4", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "aspera enterprise server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.4", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.6", }, { model: "flex system fc5022 16gb san scalable switch 7.3.0a", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "abyp-0t-2s-2l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "virtual fabric 10gb switch module for bladecenter", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.7.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.41", }, { model: "storediq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.21", }, { model: "integration bus", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "7", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0-14", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "sametime community server hf1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "project openssl 0.9.8ze", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.19", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.04", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.5", }, { model: "project openssl 1.0.0o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli workload scheduler for applications fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "worklight consumer edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.2", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "system networking rackswitch g8264t", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.9.14.0", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.5", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.2", }, { model: "project openssl beta2", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.1", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5", }, { model: "sametime community server limited use", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.02", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "hp-ux b.11.31 (11i", scope: "eq", trust: 0.3, vendor: "hp", version: "v3)", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6", }, { model: "netezza platform software 7.0.4.8-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "system networking rackswitch g8332", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.19.0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.20", }, { model: "system networking rackswitch g8052", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.11.4.0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "idp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.1", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12.1", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.40", }, { model: "abyp-0t-2s-2l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "aspera enterprise server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.2", }, { model: "ctpos 7.0r4", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14", }, { model: "abyp-2t-0s-2l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.32", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.211", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15210", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.9.2", }, { model: "sterling connect:enterprise for unix ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "2.4.4.04", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.64", }, { model: "abyp-10g-4sr-1-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "g8264cs si fabric image", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.11.0", }, { model: "security network controller 1.0.3352m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system networking rackswitch g8264cs", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "flex system en4023 10gb scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "alienvault", scope: "ne", trust: 0.3, vendor: "alienvault", version: "5.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.16", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3.1", }, { model: "rational tau interim fix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3.0.6", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.14", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.14", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.1", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "enterprise session border controller ecz7.3m2p2", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.13", }, { model: "system networking rackswitch g8264cs", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.11.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.03", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "junos space", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.740", }, { model: "icewall sso dfw r2", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "system networking rackswitch g8264", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.9.14.0", }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "ddos secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "cognos metrics manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "4.0", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1.0", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.411", }, { model: "infosphere master data management standard/advanced edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.0", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.213", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.3.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.2", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.5", }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.0.4.0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1.0", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.0", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.17", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.3", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.0", }, { model: "ds8870", scope: "eq", trust: 0.3, vendor: "ibm", version: "87.31.38.0", }, { model: "openscape voice r1.42.0", scope: "eq", trust: 0.3, vendor: "unify", version: "v7", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.9.2", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.3", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.2.0", }, { model: "algo one pcre", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.9", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3", }, { model: "ringmaster appliance", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1.2", }, { model: "security privileged identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.1", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "5", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.28", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.13", }, { model: "netezza platform software 7.0.2.16-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "bundle of g8264cs image", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.11.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.21", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.13", }, { model: "sterling connect:express for unix ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6.1146-108", }, { model: "aspera enterprise server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.1", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "cognos controller fp1 if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "openscape voice r1.37.0", scope: "eq", trust: 0.3, vendor: "unify", version: "v8", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.0.0", }, { model: "project openssl beta1", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "icewall sso dfw", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0", }, { model: "security privileged identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "project openssl a", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "vgw", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.4", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.010", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "project openssl c", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "6.0", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.41", }, { model: "infosphere guardium for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "icewall sso agent option", scope: "eq", trust: 0.3, vendor: "hp", version: "8", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "netezza platform software 7.0.2.16-p2", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "openscape voice r1.38.0", scope: "eq", trust: 0.3, vendor: "unify", version: "v8", }, { model: "abyp-10g-4sr-1-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.33", }, { model: "src series", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "openssh for gpfs", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "initiate master data service provider hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.0.1", }, { model: "icewall sso dfw", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.3.0", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.4", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "3.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.213", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.26", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2.106", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "infosphere master data management standard/advanced edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "virtual connect enterprise manager sdk", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.1.0", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.3", }, { model: "abyp-0t-4s-0l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.03", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.3", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.6", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.5", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.3", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.5.1.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2.1", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.0.0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.0.0", }, { model: "system networking rackswitch g8052", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.9.13.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.7", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "strm/jsa", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.12", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14.20", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.760", }, { model: "aspera drive", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.2.1", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1", }, { model: "rational insight", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.1.1.7", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "system networking rackswitch g8052", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.11.3.0", }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.11", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.1.3", }, { model: "netezza platform software 7.1.0.5-p2", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "informix genero", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.50", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.3", }, { model: "openscape voice r1.3.0", scope: "eq", trust: 0.3, vendor: "unify", version: "v8", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15.1", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.210", }, { model: "security network protection", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.3.1", }, { model: "tuxedo", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.0.0", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.14", }, { model: "i operating systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.0.2", }, { model: "security network controller 1.0.3381m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "7", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.9.0", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "gb esm ethernet switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "1/106.8.21.0", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "project openssl d", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "algo one mag", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.8", }, { model: "websphere message broker", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.9", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "tssc/imc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.0.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1.730", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "sterling connect:direct for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "rational tau interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "4.3.0.6", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.2", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "screenos", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.6", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.801", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.11.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.5", }, { model: "system storage san768b-2", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "pureapplication system", scope: "ne", trust: 0.3, vendor: "ibm", version: "2.1.0.1", }, { model: "system networking rackswitch g8316", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.9.14.0", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3.0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.0", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.80", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "system networking rackswitch g8264", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.11.4.0", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.16", }, { model: "initiate master data service provider hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7.3", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.0.1", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.2", }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0.2", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.5", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.6.2", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "qradar security information and event manager patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.41", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.3", }, { model: "aspera proxy", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.2.3", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.03", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.143", }, { model: "cognos controller fp1 if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "version control repository manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.8.1.0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "openscape voice r1.43.1", scope: "ne", trust: 0.3, vendor: "unify", version: "v8", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.8", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.3.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7.1", }, { model: "project openssl 1.0.1j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl beta3", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.13", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "rational tau", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.31", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "gb esm ethernet switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "1/106.8.20.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "tivoli workload scheduler for applications fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "abyp-0t-0s-4l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "ds8870", scope: "eq", trust: 0.3, vendor: "ibm", version: "87.31.2.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.132", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.6", }, { model: "initiate master data service patient hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "system networking rackswitch g8316", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.9.13.0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.14", }, { model: "flashsystem 9840-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "sterling connect:direct for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.14", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.1", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.12", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.13", }, { model: "abyp-2t-2s-0l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0-12", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.0.3", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.1", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.3.3", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.3381", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "flex system fabric si4093 system interconnect module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.8.0", }, { model: "abyp-4tl-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1.104", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.3", }, { model: "nsm", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "project openssl beta1", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "abyp-4ts-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.5", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.11", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "icewall mcrp sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "qlogic 8gb intelligent pass-thru module & san switch module", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.10.1.35.00", }, { model: "infosphere guardium database activity monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "tivoli provisioning manager for images", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.1.19", }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.13", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "project openssl 1.0.0p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.12", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "openscape voice r1", scope: "eq", trust: 0.3, vendor: "unify", version: "v8", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.0.3", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.8", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.09", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3", }, { model: "tivoli provisioning manager for images", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "pulse secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.7", }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.0.2", }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.0.1", }, { model: "worklight consumer edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2.3", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.14", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "abyp-10g-2sr-2lr-1-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.14", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1.73", }, { model: "system networking rackswitch g8264t", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.9.13.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.0.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.1.3", }, { model: "project openssl 0.9.8zc", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.13", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "icewall sso agent option update rele", scope: "eq", trust: 0.3, vendor: "hp", version: "8.02007", }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0.3", }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.18", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.8", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.25", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1.1", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0", }, { model: "system networking rackswitch g8124e", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.9.14.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.6", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.34", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.15", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.3376", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1841", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.4", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.010", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "flex system fc5022 16gb san scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.3.1", }, { model: "abyp-4t-0s-0l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.41", }, { model: "project openssl 0.9.8zd", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.0.2", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "project openssl 1.0.0h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "worklight enterprise edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.23", }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.14", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "netezza platform software 7.1.0.5-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.4", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.11", }, { model: "icewall sso dfw r3", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.179", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "project openssl 1.0.1k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.010", }, { model: "mq light", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "informix genero", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.40", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.2", }, { model: "junos os", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "ds8870", scope: "eq", trust: 0.3, vendor: "ibm", version: "87.31.16.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system networking rackswitch g8264", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.9.13.0", }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "worklight foundation consumer edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.0.1", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.2", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "project openssl e", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "tivoli provisioning manager for os deployment build", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.1.151.05", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.3.2", }, { model: "system networking rackswitch g8124e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.9.13.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system networking rackswitch g8264", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.11.3.0", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.2.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "version control agent", scope: "ne", trust: 0.3, vendor: "hp", version: "7.3.5", }, { model: "sterling connect:enterprise for unix ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.5.0.37", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "cognos metrics manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.20", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.5", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system networking rackswitch g8124", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.9.14.0", }, { model: "tivoli provisioning manager for os deployment", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.1.19", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.7", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "worklight enterprise edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.1", }, { model: "secure backup", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.0.1.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.212", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "6", }, { model: "infosphere master data management standard/advanced edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.4", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.01", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.4.1", }, { model: "aspera orchestrator", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.2.1", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "sterling b2b integrator", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "worklight foundation enterprise edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.0.1", }, { model: "ctpos 6.6r1", scope: null, trust: 0.3, vendor: "juniper", version: null, }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.9", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.11", }, { model: "icewall mcrp", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.4", }, { model: "sametime unified telephony", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.2.0", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.841", }, { model: "security privileged identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.12", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.13", }, { model: "rational tau", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.32", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.103", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.12", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.12", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.4", }, { model: "security network controller 1.0.3376m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.9", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7.5", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.9", }, { model: "rational tau", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.3379", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "si4093 si fabric", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "project openssl beta2", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.7", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "mobilefirst platform foundation", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.0", }, { model: "flex system fabric si4093 system interconnect module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.60", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.0.121", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.9", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.2", }, { model: "project openssl 0.9.8zf", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "flex system fabric si4093 system interconnect module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.5.0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.0.0", }, { model: "session border controller for enterprise", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.0", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.11.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.10", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "flex system fc5022 16gb san scalable switch 7.2.0d5", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "icewall mcrp", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.1", }, { model: "qradar security information and event manager mr2 patch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.110", }, { model: "abyp-2t-0s-2l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1", }, { model: "flex system fabric si4093 system interconnect module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "rational tau", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.33", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.7", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1", }, { model: "project openssl 1.0.1l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.750", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "systems insight manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "i operating system", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.2", }, { model: "project openssl 1.0.0q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "7.0", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.8", }, { model: "tivoli provisioning manager for images system edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "x7.1.1.0", }, { model: "ctpos 6.6r2", scope: null, trust: 0.3, vendor: "juniper", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.18", }, { model: "mysql enterprise monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.4", }, { model: "cognos controller fp1 if2", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "project openssl 1.0.0a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "icewall sso dfw r1", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, ], sources: [ { db: "BID", id: "73225", }, { db: "JVNDB", id: "JVNDB-2015-001881", }, { db: "NVD", id: "CVE-2015-0286", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.9.8ze", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-0286", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Stephen Henson", sources: [ { db: "BID", id: "73225", }, ], trust: 0.3, }, cve: "CVE-2015-0286", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-0286", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-0286", trust: 1.8, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2015-0286", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2015-0286", }, { db: "JVNDB", id: "JVNDB-2015-001881", }, { db: "NVD", id: "CVE-2015-0286", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04626468\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04626468\nVersion: 1\n\nHPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running\nOpenSSL, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-04-06\nLast Updated: 2015-04-06\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\n Potential security vulnerabilities have been identified with HP IceWall SSO\nMCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be\nexploited remotely resulting in Denial of Service (DoS). \n\nReferences:\n\n CVE-2015-0209\n CVE-2015-0286\n CVE-2015-0287\n CVE-2015-0288\n CVE-2015-0289\n SSRT102007\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n HP IceWall MCRP version 2.1, 2.1 SP1, 2.1 SP2, and 3.0\n HP IceWall SSO Dfw version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and 10.0\n HP IceWall SSO Agent version 8.0 and 8.0 2007 Update Release 2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends the following software updates or workarounds to resolve the\nvulnerabilities for HP IceWall SSO MCRP, SSO Dfw, and SSO Agent. \n\n Workaround for HP IceWall SSO MCRP:\n\n - If possible, do not use the CLIENT_CERT and CLIENT_CERTKEY settings in\nthe host configuration file. Not setting these will prevent MCRP from using\nthose client certificates for communicating with the back-end web servers. \n\n - If the CLIENT_CERT and CLIENT_CERTKEY settings must be used, then there\nis no workaround other than applying a vendor patch for OpenSSL for these\nvulnerabilities. \n\n Workaround for HP IceWall SSO Dfw and SSO Agent:\n\n - If possible, do not use client certificates for SSL communication\nbetween the client and server which are running HP IceWall SSO Dfw or SSO\nAgent. \n\n - If client certificates for SSL communication between the client and\nserver must be used, then there is no workaround other than applying a vendor\npatch for OpenSSL for these vulnerabilities. \n\n Software updates to resolve the vulnerabilities for OpenSSL:\n\n 1. IceWall SSO Dfw 10.0 running on RHEL could be using either the OS\nbundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still\nusing the OpenSSL bundled with HP IceWall, please switch to the OpenSSL\nlibrary bundled with the OS, and then follow the instructions in step 3. \n\n Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 2. For IceWall SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3 which bundle OpenSSL,\nplease download the updated OpenSSL at the following location:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 3. For IceWall products running on HP-UX which are using the OS bundled\nOpenSSL, please apply the HP-UX OpenSSL update for openssl-0.9.8zf when it is\navailable from the following location:\n\n https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?product\nNumber=OPENSSL11I\n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 6 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. OpenSSL Security Advisory [19 Mar 2015]\n=======================================\n\nOpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n=====================================================\n\nSeverity: High\n\nIf a client connects to an OpenSSL 1.0.2 server and renegotiates with an\ninvalid signature algorithms extension a NULL pointer dereference will occur. \nThis can be exploited in a DoS attack against the server. \n\nThis issue was was reported to OpenSSL on 26th February 2015 by David Ramos\nof Stanford University. The fix was developed by Stephen Henson and Matt\nCaswell of the OpenSSL development team. \n\nReclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n============================================================================\n\nSeverity: High\n\nThis security issue was previously announced by the OpenSSL project and\nclassified as \"low\" severity. This severity rating has now been changed to\n\"high\". \n\nThis was classified low because it was originally thought that server RSA\nexport ciphersuite support was rare: a client was only vulnerable to a MITM\nattack against a server which supports an RSA export ciphersuite. Recent\nstudies have shown that RSA export ciphersuites support is far more common. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. It was previously announced in the OpenSSL\nsecurity advisory on 8th January 2015. \n\nMultiblock corrupted pointer (CVE-2015-0290)\n============================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 introduced the \"multiblock\" performance improvement. This feature\nonly applies on 64 bit x86 architecture platforms that support AES NI\ninstructions. A defect in the implementation of \"multiblock\" can cause OpenSSL's\ninternal write buffer to become incorrectly set to NULL when using non-blocking\nIO. Typically, when the user application is using a socket BIO for writing, this\nwill only result in a failed connection. However if some other BIO is used then\nit is likely that a segmentation fault will be triggered, thus enabling a\npotential DoS attack. \n\nThis issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and\nRainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development\nteam. \n\nSegmentation fault in DTLSv1_listen (CVE-2015-0207)\n===================================================\n\nSeverity: Moderate\n\nThe DTLSv1_listen function is intended to be stateless and processes the initial\nClientHello from many peers. It is common for user code to loop over the call to\nDTLSv1_listen until a valid ClientHello is received with an associated cookie. A\ndefect in the implementation of DTLSv1_listen means that state is preserved in\nthe SSL object from one invocation to the next that can lead to a segmentation\nfault. Errors processing the initial ClientHello can trigger this scenario. An\nexample of such an error could be that a DTLS1.0 only client is attempting to\nconnect to a DTLS1.2 only server. \n\nThis issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSegmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n===================================================\n\nSeverity: Moderate\n\nThe function ASN1_TYPE_cmp will crash with an invalid read if an attempt is\nmade to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check\ncertificate signature algorithm consistency this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered and fixed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nSegmentation fault for invalid PSS parameters (CVE-2015-0208)\n=============================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS\nalgorithm and invalid parameters. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\n\nThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter\nand a fix developed by Stephen Henson of the OpenSSL development team. \n\nASN.1 structure reuse memory corruption (CVE-2015-0287)\n=======================================================\n\nSeverity: Moderate\n\nReusing a structure in ASN.1 parsing may allow an attacker to cause\nmemory corruption via an invalid write. Such reuse is and has been\nstrongly discouraged and is believed to be rare. \n\nApplications that parse structures containing CHOICE or ANY DEFINED BY\ncomponents may be affected. Certificate parsing (d2i_X509 and related\nfunctions) are however not affected. OpenSSL clients and servers are\nnot affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Emilia Käsper and a fix developed by\nStephen Henson of the OpenSSL development team. \n\nPKCS7 NULL pointer dereferences (CVE-2015-0289)\n===============================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing outer ContentInfo correctly. \nAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with\nmissing content and trigger a NULL pointer dereference on parsing. \n\nApplications that verify PKCS#7 signatures, decrypt PKCS#7 data or\notherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was reported to OpenSSL on February 16th 2015 by Michal\nZalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL\ndevelopment team. \n\nBase64 decode (CVE-2015-0292)\n=============================\n\nSeverity: Moderate\n\nA vulnerability existed in previous versions of OpenSSL related to the\nprocessing of base64 encoded data. Any code path that reads base64 data from an\nuntrusted source could be affected (such as the PEM processing routines). \nMaliciously crafted base 64 data could trigger a segmenation fault or memory\ncorruption. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 0.9.8 users should upgrade to 0.9.8za. This issue was originally reported by\nRobert Dugal and subsequently by David Ramos. \n\nDoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n=========================================================\n\nSeverity: Moderate\n\nA malicious client can trigger an OPENSSL_assert (i.e., an abort) in\nservers that both support SSLv2 and enable export cipher suites by sending\na specially crafted SSLv2 CLIENT-MASTER-KEY message. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Sean Burford (Google) and Emilia Käsper\n(OpenSSL development team) in March 2015 and the fix was developed by\nEmilia Käsper. \n\nEmpty CKE with client auth and DHE (CVE-2015-1787)\n==================================================\n\nSeverity: Moderate\n\nIf client auth is used then a server can seg fault in the event of a DHE\nciphersuite being selected and a zero length ClientKeyExchange message being\nsent by the client. This could be exploited in a DoS attack. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nHandshake with unseeded PRNG (CVE-2015-0285)\n============================================\n\nSeverity: Low\n\nUnder certain conditions an OpenSSL 1.0.2 client can complete a handshake with\nan unseeded PRNG. The conditions are:\n- The client is on a platform where the PRNG has not been seeded automatically,\nand the user has not seeded manually\n- A protocol specific client method version has been used (i.e. not\nSSL_client_methodv23)\n- A ciphersuite is used that does not require additional random data from the\nPRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). \n\nIf the handshake succeeds then the client random that has been used will have\nbeen generated from a PRNG with insufficient entropy and therefore the output\nmay be predictable. \n\nFor example using the following command with an unseeded openssl will succeed on\nan unpatched platform:\n\nopenssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA\n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nUse After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n===============================================================\n\nSeverity: Low\n\nA malformed EC private key file consumed via the d2i_ECPrivateKey function could\ncause a use after free condition. This, in turn, could cause a double\nfree in several private key parsing functions (such as d2i_PrivateKey\nor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption\nfor applications that receive EC private keys from untrusted\nsources. This scenario is considered rare. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by the BoringSSL project and fixed in their commit\n517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nX509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n===================================================\n\nSeverity: Low\n\nThe function X509_to_X509_REQ will crash with a NULL pointer dereference if\nthe certificate key is invalid. This function is rarely used in practice. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Brian Carpenter and a fix developed by Stephen\nHenson of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150319.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-1 iOS 9\n\niOS 9 is now available and addresses the following:\n\nApple Pay\nAvailable for: iPhone 6, iPad mini 3, and iPad Air 2\nImpact: Some cards may allow a terminal to retrieve limited recent\ntransaction information when making a payment\nDescription: The transaction log functionality was enabled in\ncertain configurations. This issue was addressed by removing the\ntransaction log functionality. \nCVE-ID\nCVE-2015-5916\n\nAppleKeyStore\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may be able to reset failed passcode\nattempts with an iOS backup\nDescription: An issue existed in resetting failed passcode attempts\nwith a backup of the iOS device. This was addressed through improved\npasscode failure logic. \nCVE-ID\nCVE-2015-5850 : an anonymous researcher\n\nApplication Store\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Clicking a malicious ITMS link may lead to a denial of\nservice in an enterprise-signed application\nDescription: An issue existed with installation through ITMS links. \nThis was addressed through additional installation verification. \nCVE-ID\nCVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of\nFireEye, Inc. \n\nAudio\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription: A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nCertificate Trust Policy\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT204132. \n\nCFNetwork\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to an iOS device may read\ncache data from Apple apps\nDescription: Cache data was encrypted with a key protected only by\nthe hardware UID. This issue was addressed by encrypting the cache\ndata with a key protected by the hardware UID and the user's\npasscode. \nCVE-ID\nCVE-2015-5898 : Andreas Kurtz of NESO Security Labs\n\nCFNetwork Cookies\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position can track a\nuser's activity\nDescription: A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork Cookies\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may be able to create unintended cookies for a\nwebsite\nDescription: WebKit would accept multiple cookies to be set in the\ndocument.cookie API. This issue was addressed through improved\nparsing. \nCVE-ID\nCVE-2015-3801 : Erling Ellingsen of Facebook\n\nCFNetwork FTPProtocol\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription: An issue existed in FTP packet handling if clients were\nusing an FTP proxy. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted URL may be able to bypass HTTP Strict\nTransport Security (HSTS) and leak sensitive data\nDescription: A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription: An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription: A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreAnimation\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: Applications could access the screen framebuffer while\nthey were in the background. This issue was addressed with improved\naccess control on IOSurfaces. \nCVE-ID\nCVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin\nGao, Yingjiu Li of School of Information Systems Singapore Management\nUniversity, Feng Bao and Jianying Zhou of Cryptography and Security\nDepartment Institute for Infocomm Research\n\nCoreCrypto\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may be able to determine a private key\nDescription: By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nData Detectors Engine\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: Memory corruption issues existed in the processing of\ntext files. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)\n\nDev Tools\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\ndyld\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to bypass code signing\nDescription: An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team\n\nDisk Images\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\nGame Center\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious Game Center application may be able to access a\nplayer's email address\nDescription: An issue existed in Game Center in the handling of a\nplayer's email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nICU\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in ICU\nDescription: Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2015-1205\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed that led to the disclosure of kernel\nmemory content. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in\nIOAcceleratorFamily. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5848 : Filippo Bigarella\n\nIOHIDFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5867 : moony li of Trend Micro\n\nIOKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5844 : Filippo Bigarella\nCVE-2015-5845 : Filippo Bigarella\nCVE-2015-5846 : Filippo Bigarella\n\nIOMobileFrameBuffer\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in\nIOMobileFrameBuffer. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5843 : Filippo Bigarella\n\nIOStorageFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may be able to read kernel memory\nDescription: A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\niTunes Store\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: AppleID credentials may persist in the keychain after sign\nout\nDescription: An issue existed in keychain deletion. This issue was\naddressed through improved account cleanup. \nCVE-ID\nCVE-2015-5832 : Kasif Dekel from Check Point Software Technologies\n\nJavaScriptCore\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Memory corruption issues existed in WebKit. These\nissues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5791 : Apple\nCVE-2015-5793 : Apple\nCVE-2015-5814 : Apple\nCVE-2015-5816 : Apple\nCVE-2015-5822 : Mark S. Miller of Google\nCVE-2015-5823 : Apple\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may control the value of stack cookies\nDescription: Multiple weaknesses existed in the generation of user\nspace stack cookies. This was addressed through improved generation\nof stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local process can modify other processes without\nentitlement checks\nDescription: An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through added entitlement\nchecks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by Ming-\nchieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription: An issue existed in xnu's validation of TCP packet\nheaders. This issues was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a local LAN segment may disable IPv6 routing\nDescription: An insufficient validation issue existed in handling of\nIPv6 router advertisements that allowed an attacker to set the hop\nlimit to an arbitrary value. This issue was addressed by enforcing a\nminimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in XNU that led to the disclosure of\nkernel memory. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: An issue existed in HFS drive mounting. This was\naddressed by additional validation checks. \nCVE-ID\nCVE-2015-5748 : Maxime Villard of m00nbsd\n\nlibc\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nMail\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker can send an email that appears to come from a\ncontact in the recipient's address book\nDescription: An issue existed in the handling of the sender's\naddress. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5857 : Emre Saglam of salesforce.com\n\nMultipeer Connectivity\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may be able to observe unprotected\nmultipeer data\nDescription: An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nmemory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nOpenSSL\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nPluginKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious enterprise application can install extensions\nbefore the application has been trusted\nDescription: An issue existed in the validation of extensions during\ninstallation. This was addressed through improved app verification. \nCVE-ID\nCVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of\nFireEye, Inc. \n\nremovefile\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing malicious data may lead to unexpected application\ntermination\nDescription: An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to read Safari bookmarks on a\nlocked iOS device without a passcode\nDescription: Safari bookmark data was encrypted with a key protected\nonly by the hardware UID. This issue was addressed by encrypting the\nSafari bookmark data with a key protected by the hardware UID and the\nuser's passcode. \nCVE-ID\nCVE-2015-5903 : Jonathan Zdziarski\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An issue may have allowed a website to display content\nwith a URL from a different website. This issue was addressed through\nimproved URL handling. \nCVE-ID\nCVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Navigating to a malicious website with a malformed\nwindow opener may have allowed the display of arbitrary URLs. This\nissue was addressed through improved handling of window openers. \nCVE-ID\nCVE-2015-5905 : Keita Haga of keitahaga.com\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Users may be tracked by malicious websites using client\ncertificates\nDescription: An issue existed in Safari's client certificate\nmatching for SSL authentication. This issue was addressed through\nimproved matching of valid client certificates. \nCVE-ID\nCVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut\nof Whatever s.a. \n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Multiple user interface inconsistencies may have\nallowed a malicious website to display an arbitrary URL. These issues\nwere addressed through improved URL display logic. \nCVE-ID\nCVE-2015-5764 : Antonio Sanso (@asanso) of Adobe\nCVE-2015-5765 : Ron Masas\nCVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa\n\nSafari Safe Browsing\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Navigating to the IP address of a known malicious website\nmay not trigger a security warning\nDescription: Safari's Safe Browsing feature did not warn users when\nvisiting known malicious websites by their IP addresses. The issue\nwas addressed through improved malicious site detection. \nRahul M of TagsDoc\n\nSecurity\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious app may be able to intercept communication\nbetween apps\nDescription: An issue existed that allowed a malicious app to\nintercept URL scheme communication between apps. This was mitigated\nby displaying a dialog when a URL scheme is used for the first time. \nCVE-ID\nCVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng\nWang of Indiana University, Luyi Xing of Indiana University, Tongxin\nLi of Peking University, Tongxin Li of Peking University, Xiaolong\nBai of Tsinghua University\n\nSiri\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to an iOS device may be able\nto use Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription: When a request was made to Siri, client side\nrestrictions were not being checked by the server. This issue was\naddressed through improved restriction checking. \nCVE-ID\nCVE-2015-5892 : Robert S Mozayeni, Joshua Donvito\n\nSpringBoard\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to an iOS device can reply to\nan audio message from the lock screen when message previews from the\nlock screen are disabled\nDescription: A lock screen issue allowed users to reply to audio\nmessages when message previews were disabled. This issue was\naddressed through improved state management. \nCVE-ID\nCVE-2015-5861 : Daniel Miedema of Meridian Apps\n\nSpringBoard\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to spoof another\napplication's dialog windows\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-ID\nCVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. \nLui\n\nSQLite\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in SQLite v3.8.5\nDescription: Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-5895\n\ntidy\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in Tidy. This issues\nwas addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Object references may be leaked between isolated origins on\ncustom events, message events and pop state events\nDescription: An object leak issue broke the isolation boundary\nbetween origins. This issue was addressed through improved isolation\nbetween origins. \nCVE-ID\nCVE-2015-5827 : Gildas\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Memory corruption issues existed in WebKit. These\nissues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5789 : Apple\nCVE-2015-5790 : Apple\nCVE-2015-5792 : Apple\nCVE-2015-5794 : Apple\nCVE-2015-5795 : Apple\nCVE-2015-5796 : Apple\nCVE-2015-5797 : Apple\nCVE-2015-5799 : Apple\nCVE-2015-5800 : Apple\nCVE-2015-5801 : Apple\nCVE-2015-5802 : Apple\nCVE-2015-5803 : Apple\nCVE-2015-5804 : Apple\nCVE-2015-5805\nCVE-2015-5806 : Apple\nCVE-2015-5807 : Apple\nCVE-2015-5809 : Apple\nCVE-2015-5810 : Apple\nCVE-2015-5811 : Apple\nCVE-2015-5812 : Apple\nCVE-2015-5813 : Apple\nCVE-2015-5817 : Apple\nCVE-2015-5818 : Apple\nCVE-2015-5819 : Apple\nCVE-2015-5821 : Apple\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to unintended dialing\nDescription: An issue existed in handling of tel://, facetime://,\nand facetime-audio:// URLs. This issue was addressed through improved\nURL handling. \nCVE-ID\nCVE-2015-5820 : Andrei Neculaesei, Guillaume Ross\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: QuickType may learn the last character of a password in a\nfilled-in web form\nDescription: An issue existed in WebKit's handling of password input\ncontext. This issue was addressed through improved input context\nhandling. \nCVE-ID\nCVE-2015-5906 : Louis Romero of Google Inc. \n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\nredirect to a malicious domain\nDescription: An issue existed in the handling of resource caches on\nsites with invalid certificates. The issue was addressed by rejecting\nthe application cache of domains with invalid certificates. \nCVE-ID\nCVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: Safari allowed cross-origin stylesheets to be loaded\nwith non-CSS MIME types which could be used for cross-origin data\nexfiltration. This issue was addressed by limiting MIME types for\ncross-origin stylesheets. \nCVE-ID\nCVE-2015-5826 : filedescriptor, Chris Evans\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: The Performance API may allow a malicious website to leak\nbrowsing history, network activity, and mouse movements\nDescription: WebKit's Performance API could have allowed a malicious\nwebsite to leak browsing history, network activity, and mouse\nmovements by measuring time. This issue was addressed by limiting\ntime resolution. \nCVE-ID\nCVE-2015-5825 : Yossi Oren et al. of Columbia University's Network\nSecurity Lab\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An issue existed with Content-Disposition headers\ncontaining type attachment. This issue was addressed by disallowing\nsome functionality for type attachment pages. \nCVE-ID\nCVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat\nResearch Team, Daoyuan Wu of Singapore Management University, Rocky\nK. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz,\nsuperhei of www.knownsec.com\n\nWebKit Canvas\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose image data from\nanother website\nDescription: A cross-origin issue existed with \"canvas\" element\nimages in WebKit. This was addressed through improved tracking of\nsecurity origins. \nCVE-ID\nCVE-2015-5788 : Apple\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: WebSockets may bypass mixed content policy enforcement\nDescription: An insufficient policy enforcement issue allowed\nWebSockets to load mixed content. This issue was addressed by\nextending mixed content policy enforcement to WebSockets. \nKevin G Jones of Higher Logic\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer's Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple's update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don't Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU\n+bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG\nUYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2\n3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM\nRgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28\nHk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+\n0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD\nWrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA\naW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS\n81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST\nyq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT\nrHWi1bvzskkrxRfuQ4mX\n=MnPh\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0715-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0715.html\nIssue date: 2015-03-23\nCVE Names: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 \n CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 \n CVE-2015-0293 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n(CVE-2015-0286)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because\nthe data being transferred is not Base64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had both\nthe SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)\n\nA use-after-free flaw was found in the way OpenSSL imported malformed\nElliptic Curve private keys. A specially crafted key file could cause an\napplication using OpenSSL to crash when imported. (CVE-2015-0209)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused certain\nASN.1 structures. An attacker able to make an application using OpenSSL\nverify, decrypt, or parse a specially crafted PKCS#7 input could cause that\napplication to crash. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292,\nand CVE-2015-0293. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.7.ppc.rpm\nopenssl-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.7.s390.rpm\nopenssl-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.7.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0209\nhttps://access.redhat.com/security/cve/CVE-2015-0286\nhttps://access.redhat.com/security/cve/CVE-2015-0287\nhttps://access.redhat.com/security/cve/CVE-2015-0288\nhttps://access.redhat.com/security/cve/CVE-2015-0289\nhttps://access.redhat.com/security/cve/CVE-2015-0292\nhttps://access.redhat.com/security/cve/CVE-2015-0293\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150319.txt\nhttps://access.redhat.com/articles/1384453\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVEJ3JXlSAg2UNWIIRAsnPAJsFc2cGj1Hg8zbtE3wCCEj2hRaLaQCfaVRX\nz2xamw9PEJVbuKTXaQeLRmQ=\n=ZkF+\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded. \n Fixes several bugs and security issues:\n o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)\n o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)\n o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)\n o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)\n o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)\n o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)\n o Removed the export ciphers from the DEFAULT ciphers\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz\n706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz\nfe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz\n2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nf8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz\n0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz\ne5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz\n54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz\nbac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\nb4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz\nacac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\nc1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz\nb7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz\n25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz\nb6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz\n\nSlackware x86_64 -current packages:\n99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz\n9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\n2015-005\n\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A process may gain admin privileges without proper\nauthentication\nDescription: An issue existed when checking XPC entitlements. \nCVE-ID\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A non-admin user may obtain admin rights\nDescription: An issue existed in the handling of user\nauthentication. \nCVE-ID\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker may abuse Directory Utility to gain root\nprivileges\nDescription: Directory Utility was able to be moved and modified to\nachieve code execution within an entitled process. \nCVE-ID\nCVE-2015-3674 : Dean Jerkovich of NCC Group\n\napache\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker may be able to access directories that are\nprotected with HTTP authentication without knowing the correct\ncredentials\nDescription: The default Apache configuration did not include\nmod_hfs_apple. If Apache was manually enabled and the configuration\nwas not changed, some files that should not be accessible might have\nbeen accessible using a specially crafted URL. \nCVE-ID\nCVE-2015-1157\nCVE-2015-3685 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3689 : Apple\n\ncoreTLS\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription: coreTLS accepted short ephemeral Diffie-Hellman (DH)\nkeys, as used in export-strength ephemeral DH cipher suites. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\n\nEFI\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may induce memory corruption to\nescalate privileges\nDescription: A disturbance error, also known as Rowhammer, exists\nwith some DDR3 RAM that could have led to memory corruption. \nCVE-ID\nCVE-2015-3712 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple buffer overflow issues exist in the Intel graphics\ndriver, the most serious of which may lead to arbitrary code\nexecution with system privileges\nDescription: Multiple buffer overflow issues existed in the Intel\ngraphics driver. \nCVE-ID\nCVE-2015-3695 : Ian Beer of Google Project Zero\nCVE-2015-3696 : Ian Beer of Google Project Zero\nCVE-2015-3697 : Ian Beer of Google Project Zero\nCVE-2015-3698 : Ian Beer of Google Project Zero\nCVE-2015-3699 : Ian Beer of Google Project Zero\nCVE-2015-3700 : Ian Beer of Google Project Zero\nCVE-2015-3701 : Ian Beer of Google Project Zero\nCVE-2015-3702 : KEEN Team\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple vulnerabilities existed in libtiff, the most\nserious of which may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. \nCVE-ID\nCVE-2015-3709 : Ian Beer of Google Project Zero\n\nMail\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A maliciously crafted email can replace the message content\nwith an arbitrary webpage when the message is viewed\nDescription: An issue existed in the support for HTML email which\nallowed message content to be refreshed with an arbitrary webpage. \nCVE-ID\nCVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative\n\nntp\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: An attacker in a privileged position may be able to perform\na denial of service attack against two ntp clients\nDescription: Multiple issues existed in the authentication of ntp\npackets being received by configured end-points. Geshev working with HP's Zero Day Initiative\nCVE-2015-3662 : kdot working with HP's Zero Day Initiative\nCVE-2015-3663 : kdot working with HP's Zero Day Initiative\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero\nDay Initiative\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\nLu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson\nof Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs\nCVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs\nCVE-2015-3713 : Apple\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. \nCVE-ID\nCVE-2013-1741\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Tampered applications may not be prevented from launching\nDescription: Apps using custom resource rules may have been\nsusceptible to tampering that would not have invalidated the\nsignature. \nCVE-ID\nCVE-2015-3715 : Patrick Wardle of Synack\n\nSpotlight\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Searching for a malicious file with Spotlight may lead to\ncommand injection\nDescription: A command injection vulnerability existed in the\nhandling of filenames of photos added to the local photo library. By sending a maliciously\nformatted message to systemstatsd, it may have been possible to\nexecute arbitrary code as the systemstatsd process. \nCVE-ID\n\nCVE-2014-8139\nCVE-2014-8140\nCVE-2014-8141\n\n\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7", sources: [ { db: "NVD", id: "CVE-2015-0286", }, { db: "JVNDB", id: "JVNDB-2015-001881", }, { db: "BID", id: "73225", }, { db: "VULMON", id: "CVE-2015-0286", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131308", }, { db: "PACKETSTORM", id: "130933", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133616", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "130982", }, { db: "PACKETSTORM", id: "131086", }, { db: "PACKETSTORM", id: "131585", }, { db: "PACKETSTORM", id: "132518", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0286", trust: 3.2, }, { db: "BID", id: "73225", trust: 1.4, }, { db: "JUNIPER", id: "JSA10680", trust: 1.4, }, { db: "SECTRACK", id: "1032917", trust: 1.1, }, { db: "SECTRACK", id: "1031929", trust: 1.1, }, { db: "MCAFEE", id: "SB10110", trust: 1.1, }, { db: "SIEMENS", id: "SSA-412672", trust: 1.1, }, { db: "JVN", id: "JVNVU99970459", trust: 0.8, }, { db: "JVN", id: "JVNVU97220341", trust: 0.8, }, { db: "JVN", id: "JVNVU95877131", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-001881", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-22-349-21", trust: 0.1, }, { db: "VULMON", id: "CVE-2015-0286", trust: 0.1, }, { db: "PACKETSTORM", id: "133318", trust: 0.1, }, { db: "PACKETSTORM", id: "131308", trust: 0.1, }, { db: "PACKETSTORM", id: "130933", trust: 0.1, }, { db: "PACKETSTORM", id: "131044", trust: 0.1, }, { db: "PACKETSTORM", id: "133616", trust: 0.1, }, { db: "PACKETSTORM", id: "133325", trust: 0.1, }, { db: "PACKETSTORM", id: "130982", trust: 0.1, }, { db: "PACKETSTORM", id: "131086", trust: 0.1, }, { db: "PACKETSTORM", id: "131585", trust: 0.1, }, { db: "PACKETSTORM", id: "132518", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2015-0286", }, { db: "BID", id: "73225", }, { db: "JVNDB", id: "JVNDB-2015-001881", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131308", }, { db: "PACKETSTORM", id: "130933", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133616", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "130982", }, { db: "PACKETSTORM", id: "131086", }, { db: "PACKETSTORM", id: "131585", }, { db: "PACKETSTORM", id: "132518", }, { db: "NVD", id: "CVE-2015-0286", }, ], }, id: "VAR-201503-0055", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.22222222, }, last_update_date: "2024-07-23T19:31:48.325000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2015-09-16-1 iOS 9", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html", }, { title: "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html", }, { title: "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html", }, { title: "HT204942", trust: 0.8, url: "http://support.apple.com/en-us/ht204942", }, { title: "HT205267", trust: 0.8, url: "https://support.apple.com/en-us/ht205267", }, { title: "HT205212", trust: 0.8, url: "https://support.apple.com/en-us/ht205212", }, { title: "HT204942", trust: 0.8, url: "http://support.apple.com/ja-jp/ht204942", }, { title: "HT205212", trust: 0.8, url: "https://support.apple.com/ja-jp/ht205212", }, { title: "HT205267", trust: 0.8, url: "https://support.apple.com/ja-jp/ht205267", }, { title: "cisco-sa-20150320-openssl", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl", }, { title: "HPSBGN03306 SSRT102007", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04626468", }, { title: "アライドテレシス株式会社からの情報", trust: 0.8, url: "http://jvn.jp/vu/jvnvu95877131/522154/index.html", }, { title: "NV15-015", trust: 0.8, url: "http://jpn.nec.com/security-info/secinfo/nv15-015.html", }, { title: "Fix ASN1_TYPE_cmp", trust: 0.8, url: "https://git.openssl.org/?p=openssl.git;a=commit;h=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1", }, { title: "Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)", trust: 0.8, url: "https://www.openssl.org/news/secadv_20150319.txt", }, { title: "Oracle Critical Patch Update Advisory - January 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { title: "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html", }, { title: "Oracle Critical Patch Update Advisory - July 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html", }, { title: "Oracle Critical Patch Update Advisory - October 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { title: "Oracle Critical Patch Update Advisory - October 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html", }, { title: "Oracle Solaris Third Party Bulletin - January 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { title: "Bug 1202366", trust: 0.8, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1202366", }, { title: "OpenSSL Updates of 19 March 2015", trust: 0.8, url: "https://access.redhat.com/articles/1384453", }, { title: "RHSA-2015:0715", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0715.html", }, { title: "RHSA-2015:0716", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0716.html", }, { title: "RHSA-2015:0752", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0752.html", }, { title: "SA92", trust: 0.8, url: "https://bto.bluecoat.com/security-advisory/sa92", }, { title: "January 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update", }, { title: "July 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update", }, { title: "October 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update", }, { title: "October 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update", }, { title: "OpenSSLに複数の脆弱性 (19 Mar 2015)", trust: 0.8, url: "http://www.seil.jp/support/security/a01545.html", }, { title: "cisco-sa-20150320-openssl", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/112/1128/1128874_cisco-sa-20150320-openssl-j.html", }, { title: "Red Hat: CVE-2015-0286", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2015-0286", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2537-1", }, { title: "Amazon Linux AMI: ALAS-2015-498", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-498", }, { title: "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20162957 - security advisory", }, { title: "Tenable Security Advisories: [R6] OpenSSL '20150319' Advisory Affects Tenable Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2015-04", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2a43c5799a7dd07d6c0a92a3b040d12f", }, { title: "Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150320-openssl", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165", }, { title: "Symantec Security Advisories: SA92 : OpenSSL Security Advisory 19-Mar-2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=07adc2b6f5910b64efc7296f227b9f10", }, { title: "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=eb059834b7f24e2562bcf592b6d0afbc", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=05aabe19d38058b7814ef5514aab4c0c", }, { title: "Oracle: Oracle Critical Patch Update Advisory - January 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=63802a6c83b107c4e6e0c7f9241a66a8", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2015-0286 ", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0286", }, { db: "JVNDB", id: "JVNDB-2015-001881", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-17", trust: 1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-001881", }, { db: "NVD", id: "CVE-2015-0286", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://www.openssl.org/news/secadv_20150319.txt", }, { trust: 1.4, url: "https://access.redhat.com/articles/1384453", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { trust: 1.4, url: "https://support.citrix.com/article/ctx216642", }, { trust: 1.2, url: "http://rhn.redhat.com/errata/rhsa-2015-0752.html", }, { trust: 1.2, url: "http://rhn.redhat.com/errata/rhsa-2015-0715.html", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/73225", }, { trust: 1.1, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1202366", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152844.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152733.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152734.html", }, { trust: 1.1, url: "http://www.debian.org/security/2015/dsa-3197", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html", }, { trust: 1.1, url: "https://www.freebsd.org/security/advisories/freebsd-sa-15%3a06.openssl.asc", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html", }, { trust: 1.1, url: "http://www.ubuntu.com/usn/usn-2537-1", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1031929", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2015-0716.html", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142841429220765&w=2", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156823.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157177.html", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html", }, { trust: 1.1, url: "http://support.apple.com/kb/ht204942", }, { trust: 1.1, url: "https://support.apple.com/ht205212", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html", }, { trust: 1.1, url: "https://support.apple.com/ht205267", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html", }, { trust: 1.1, url: "https://bto.bluecoat.com/security-advisory/sa92", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143213830203296&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { trust: 1.1, url: "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015", }, { trust: 1.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10680", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10110", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1032917", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2016-2957.html", }, { trust: 1.1, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { trust: 1.1, url: "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1", }, { trust: 1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286", }, { trust: 1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu95877131/index.html", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu97220341/index.html", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu99970459/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0286", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0293", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0292", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2015-0286", }, { trust: 0.3, url: "http://openssl.org/", }, { trust: 0.3, url: "https://www.alienvault.com/forums/discussion/4885/security-advisory-alienvault-v5-0-", }, { trust: 0.3, url: "https://support.asperasoft.com/entries/93038317-security-bulletin-vulnerabilities-in-openssl", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/apr/37", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/aug/137", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/aug/134", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/aug/136", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005226", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005241", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005254", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21958089", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=swg21961293", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962334", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21966177", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098144", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020693", }, { trust: 0.3, url: "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21958903", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963024", }, { trust: 0.3, url: "https://www.openssl.org/news/vulnerabilities.html", }, { trust: 0.3, url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { trust: 0.3, url: "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-04-16.pdf", }, { trust: 0.3, url: "https://networks.unify.com/security/advisories/obso-1512-01.pdf", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005341", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964676", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701028", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963783", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963964", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375", }, { trust: 0.3, url: "www-01.ibm.com/support/docview.wss?uid=swg21701256", }, { trust: 0.3, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10680&cat=sirt_1&actp=list", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21882710", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022183", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964164", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903799", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022382", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701238", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902449", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902277", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21882644", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701054", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21957922", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902544", }, { trust: 0.3, url: "www-01.ibm.com/support/docview.wss?uid=swg21701086", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21702160", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903269", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022367", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883028", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098141", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902519", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020716", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022103", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902673", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883593", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700167", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005257", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903425", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21722409", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700411", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960212", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960210", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701354", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21883249", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21961179", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098564", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098563", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098568", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964410", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964686", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?rs=630&uid=swg21970748", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960588", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960668", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903261", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21694849", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903729", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701326", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883221", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883222", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21713653", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701334", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21882955", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0207", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.3, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0285", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0208", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0291", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1787", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0290", }, { trust: 0.2, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293", }, { trust: 0.2, url: "https://support.apple.com/en-", }, { trust: 0.2, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.2, url: "http://gpgtools.org", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0273", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0288", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0292", }, { trust: 0.2, url: "https://access.redhat.com/articles/11258", }, { trust: 0.2, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.2, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0209", }, { trust: 0.2, url: "https://bugzilla.redhat.com/):", }, { trust: 0.2, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0293", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0287", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0289", }, { trust: 0.2, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/17.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2015-0286", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/2537-1/", }, { trust: 0.1, url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=39581", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7", }, { trust: 0.1, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.1, url: "http://www.hp.com/jp/icewall_patchaccess", }, { trust: 0.1, url: "https://h20392.www2.hp.com/portal/swdepot/displayinstallinfo.do?product", }, { trust: 0.1, url: "https://www.openssl.org/about/releasestrat.html),", }, { trust: 0.1, url: "https://www.openssl.org/about/secpolicy.html", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0160", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0076", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0198", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3567", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3513", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150319.txt", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5298", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150108.txt", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0224", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0221", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3470", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0195", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3566", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5800", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5765", }, { trust: 0.1, url: "https://www.apple.com/itunes/", }, { trust: 0.1, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5802", }, { trust: 0.1, url: "https://www.knownsec.com", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5795", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5788", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5799", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8146", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5797", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5794", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1129", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5791", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-3951", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5522", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5789", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1205", }, { trust: 0.1, url: "https://www.safeye.org)", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5793", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5764", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8611", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5523", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5801", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5796", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5790", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3801", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5792", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5767", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5748", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8142", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0231", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3523", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9653", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490&la", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9705", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0232", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-1692", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9427", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5107", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9652", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744", }, { trust: 0.1, url: "http://slackware.com", }, { trust: 0.1, url: "http://osuosl.org)", }, { trust: 0.1, url: "http://slackware.com/gpg-key", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3673", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8141", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8140", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0235", }, { trust: 0.1, url: "http://support.apple.com/kb/ht1222", }, { trust: 0.1, url: "https://support.apple.com/en-us/ht204938", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3672", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8127", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3661", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3671", }, { trust: 0.1, url: "http://www.apple.com/support/downloads/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-1741", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8128", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8130", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8139", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3662", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8129", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1157", }, { trust: 0.1, url: "https://support.apple.com/en-us/ht204950", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3663", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3668", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1799", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3666", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1798", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3667", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0286", }, { db: "BID", id: "73225", }, { db: "JVNDB", id: "JVNDB-2015-001881", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131308", }, { db: "PACKETSTORM", id: "130933", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133616", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "130982", }, { db: "PACKETSTORM", id: "131086", }, { db: "PACKETSTORM", id: "131585", }, { db: "PACKETSTORM", id: "132518", }, { db: "NVD", id: "CVE-2015-0286", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2015-0286", }, { db: "BID", id: "73225", }, { db: "JVNDB", id: "JVNDB-2015-001881", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131308", }, { db: "PACKETSTORM", id: "130933", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133616", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "130982", }, { db: "PACKETSTORM", id: "131086", }, { db: "PACKETSTORM", id: "131585", }, { db: "PACKETSTORM", id: "132518", }, { db: "NVD", id: "CVE-2015-0286", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-03-19T00:00:00", db: "VULMON", id: "CVE-2015-0286", }, { date: "2015-03-19T00:00:00", db: "BID", id: "73225", }, { date: "2015-03-23T00:00:00", db: "JVNDB", id: "JVNDB-2015-001881", }, { date: "2015-08-26T01:33:25", db: "PACKETSTORM", id: "133318", }, { date: "2015-04-07T15:56:20", db: "PACKETSTORM", id: "131308", }, { date: "2015-03-20T05:46:26", db: "PACKETSTORM", id: "130933", }, { date: "2015-03-27T20:42:44", db: "PACKETSTORM", id: "131044", }, { date: "2015-09-19T15:18:18", db: "PACKETSTORM", id: "133616", }, { date: "2015-08-26T01:35:08", db: "PACKETSTORM", id: "133325", }, { date: "2015-03-24T17:03:13", db: "PACKETSTORM", id: "130982", }, { date: "2015-03-30T21:19:09", db: "PACKETSTORM", id: "131086", }, { date: "2015-04-22T20:14:53", db: "PACKETSTORM", id: "131585", }, { date: "2015-07-01T05:31:53", db: "PACKETSTORM", id: "132518", }, { date: "2015-03-19T22:59:04.677000", db: "NVD", id: "CVE-2015-0286", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2015-0286", }, { date: "2017-05-02T03:08:00", db: "BID", id: "73225", }, { date: "2016-11-22T00:00:00", db: "JVNDB", id: "JVNDB-2015-001881", }, { date: "2023-11-07T02:23:23.180000", db: "NVD", id: "CVE-2015-0286", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "73225", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL of crypto/asn1/a_type.c of ASN1_TYPE_cmp Service disruption in functions (DoS) Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2015-001881", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Failure to Handle Exceptional Conditions", sources: [ { db: "BID", id: "73225", }, ], trust: 0.3, }, }
var-201410-1144
Vulnerability from variot
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.
This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
This issue was reported to OpenSSL on 8th October 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL 3.0 Fallback protection
Severity: Medium
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.
Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 https://www.openssl.org/~bodo/ssl-poodle.pdf
Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.
Build option no-ssl3 is incomplete (CVE-2014-3568)
Severity: Low
When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.
This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.
The fix was developed by Akamai and the OpenSSL team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20141015.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2014:1692-01 Product: Red Hat Storage Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1692.html Issue date: 2014-10-22 CVE Names: CVE-2014-3513 CVE-2014-3567 =====================================================================
- Summary:
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Storage 2.1.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Storage Server 2.1 - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.
For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. (CVE-2014-3567)
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Package List:
Red Hat Storage Server 2.1:
Source: openssl-1.0.1e-30.el6_6.2.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3513 https://access.redhat.com/security/cve/CVE-2014-3567 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1232123
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUR/NUXlSAg2UNWIIRAlZHAJwPwsoiJDn5RhI6U8eFkIzxyQopkQCePynp RpfQCptdJIpd6WXO7pw1vVo= =T20t -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
This update adds support for Fallback SCSV to mitigate this issue. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-16-2 Xcode 7.0
Xcode 7.0 is now available and addresses the following:
DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. This issue was addressed by updating header files to use the latest version. CVE-ID CVE-2015-3185 : Branko Aibej of the Apache Software Foundation
IDE Xcode Server Available for: OS X Yosemite 10.10 or later Impact: An attacker may be able to access restricted parts of the filesystem Description: A comparison issue existed in the node.js send module prior to version 0.8.4. This issue was addressed by upgrading to version 0.12.3. CVE-ID CVE-2014-6394 : Ilya Kantor
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilties in OpenSSL Description: Multiple vulnerabilties existed in the node.js OpenSSL module prior to version 1.0.1j. CVE-ID CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: An attacker with a privileged network position may be able to inspect traffic to Xcode Server Description: Connections to Xcode Server may have been made without encryption. This issue was addressed through improved network connection logic. CVE-ID CVE-2015-5910 : an anonymous researcher
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Build notifications may be sent to unintended recipients Description: An access issue existed in the handling of repository email lists. This issue was addressed through improved validation. CVE-ID CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of Anchorfree
subversion Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities existed in svn versions prior to 1.7.19 Description: Multiple vulnerabilities existed in svn versions prior to 1.7.19. These issues were addressed by updating svn to version 1.7.20. CVE-ID CVE-2015-0248 CVE-2015-0251
Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "7.0".
Release Date: 2014-10-28 Last Updated: 2014-10-28
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, man-in-the-middle (MitM) attack
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL.
This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information.
References:
CVE-2014-3566 Man-in-th-Middle (MitM) attack CVE-2014-3567 Remote Unauthorized Access CVE-2014-3568 Remote Denial of Service (DoS) SSRT101767
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The updates are available from the following ftp site.
ftp://ssl098zc:Secure12@ftp.usa.hp.com
User name: ssl098zc Password: (NOTE: Case sensitive) Secure12
HP-UX Release HP-UX OpenSSL version
B.11.11 (11i v1) A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2) A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08zc or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 28 October 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/
Package : openssl Date : March 27, 2015 Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities has been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . Please refer to the RESOLUTION section below for a list of impacted products.
Note: mitigation instructions are included below if the following software updates cannot be applied.
Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted CVE
12900 Switch Series R1005P15 JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
12500 R1828P06 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)
CVE-2014-3566 CVE-2014-3568
12500 (Comware v7) R7328P04 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
11900 Switch Series R2111P06 JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
10500 Switch Series (Comware v5) R1208P10 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis
CVE-2014-3566 CVE-2014-3568
10500 Switch Series (Comware v7) R2111P06 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
9500E R1828P06 JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)
CVE-2014-3566 CVE-2014-3568
7900 R2122 JG682A HP FlexFabric 7904 Switch Chassis JH001A HP FF 7910 2.4Tbps Fabric / MPU JG842A HP FF 7910 7.2Tbps Fabric / MPU JG841A HP FF 7910 Switch Chassis
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
7500 Switch Series R6708P10 JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)
CVE-2014-3566 CVE-2014-3568
HSR6800 R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU
CVE-2014-3566 CVE-2014-3568
HSR6800 Russian Version R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU
CVE-2014-3566 CVE-2014-3568
HSR6602 R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG777A HP HSR6602-XG TAA Router
CVE-2014-3566 CVE-2014-3568
HSR6602 Russian Version R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router
CVE-2014-3566 CVE-2014-3568
6602 R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)
CVE-2014-3566 CVE-2014-3568
6602 Russian Version R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)
CVE-2014-3566 CVE-2014-3568
A6600 R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566 CVE-2014-3568
A6600 Russian Version R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566 CVE-2014-3568
6600 MCP R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566 CVE-2014-3568
6600 MCP Russian Version R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG778A HP 6600 MCP-X2 Router TAA MPU
H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566 CVE-2014-3568
5920 Switch Series R2311P05 JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
5900 Switch Series R2311P05 JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
5830 Switch Series R1118P11 JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch
CVE-2014-3566 CVE-2014-3568
5820 Switch Series R1809P03 JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)
CVE-2014-3566 CVE-2014-3568
5800 Switch Series R1809P03 JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)
CVE-2014-3566 CVE-2014-3568
5700 R2311P05 JG894A HP FF 5700-48G-4XG-2QSFP+ Switch JG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch JG896A HP FF 5700-40XG-2QSFP+ Switch JG897A HP FF 5700-40XG-2QSFP+ TAA Switch JG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch JG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
5500 HI Switch Series R5501P06 JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt
CVE-2014-3566 CVE-2014-3568
5500 EI Switch Series R2221P08 JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)
CVE-2014-3566 CVE-2014-3568
5500 SI Switch Series R2221P08 JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)
CVE-2014-3566 CVE-2014-3568
5130 EI switch Series R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch JG933A HP 5130-24G-SFP-4SFP+ EI Switch JG934A HP 5130-48G-4SFP+ EI Switch JG936A HP 5130-24G-PoE+-4SFP+ EI Swch JG937A HP 5130-48G-PoE+-4SFP+ EI Swch JG975A HP 5130-24G-4SFP+ EI BR Switch JG976A HP 5130-48G-4SFP+ EI BR Switch JG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
5120 EI Switch Series R2221P08 JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)
CVE-2014-3566 CVE-2014-3568
5120 SI switch Series R1513P95 JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)
CVE-2014-3566 CVE-2014-3568
4800 G Switch Series R2221P08 JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch
3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91) CVE-2014-3566 CVE-2014-3568
4510G Switch Series R2221P08 JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch
3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91) CVE-2014-3566 CVE-2014-3568
4210G Switch Series R2221P08 JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch
3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91) CVE-2014-3566 CVE-2014-3568
3610 Switch Series R5319P10 JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)
CVE-2014-3566 CVE-2014-3568
3600 V2 Switch Series R2110P03 JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch
CVE-2014-3566 CVE-2014-3568
3100V2 R5203P11 JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch
CVE-2014-3566 CVE-2014-3568
3100V2-48 R2110P03 JG315A HP 3100-48 v2 Switch
CVE-2014-3566 CVE-2014-3568
1920 R1105 JG920A HP 1920-8G Switch JG921A HP 1920-8G-PoE+ (65W) Switch JG922A HP 1920-8G-PoE+ (180W) Switch JG923A HP 1920-16G Switch JG924A HP 1920-24G Switch JG925A HP 1920-24G-PoE+ (180W) Switch JG926A HP 1920-24G-PoE+ (370W) Switch JG927A HP 1920-48G Switch
CVE-2014-3566 CVE-2014-3568
1910 R11XX R1107 JG536A HP 1910-8 Switch JG537A HP 1910-8 -PoE+ Switch JG538A HP 1910-24 Switch JG539A HP 1910-24-PoE+ Switch JG540A HP 1910-48 Switch
CVE-2014-3566 CVE-2014-3568
1910 R15XX R1513P95 JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch
CVE-2014-3566 CVE-2014-3568
1620 R1104 JG912A HP 1620-8G Switch JG913A HP 1620-24G Switch JG914A HP 1620-48G Switch
CVE-2014-3566 CVE-2014-3568
MSR20-1X R2513P33 JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)
CVE-2014-3566 CVE-2014-3568
MSR30 R2513P33 JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)
CVE-2014-3566 CVE-2014-3568
MSR30-16 R2513P33 JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)
CVE-2014-3566 CVE-2014-3568
MSR30-1X R2513P33 JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
CVE-2014-3566 CVE-2014-3568
MSR50 R2513P33 JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)
CVE-2014-3566 CVE-2014-3568
MSR50-G2 R2513P33 JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)
CVE-2014-3566 CVE-2014-3568
MSR20 Russian version MSR201X_5.20.R2513L40.RU JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)
CVE-2014-3566 CVE-2014-3568
MSR20-1X Russian version MSR201X_5.20.R2513L40.RU JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
CVE-2014-3566 CVE-2014-3568
MSR30 Russian version MSR201X_5.20.R2513L40.RU JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
CVE-2014-3566 CVE-2014-3568
MSR30-16 Russian version MSR201X_5.20.R2513L40.RU JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
CVE-2014-3566 CVE-2014-3568
MSR30-1X Russian version MSR201X_5.20.R2513L40.RU JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
CVE-2014-3566 CVE-2014-3568
MSR50 Russian version MSR201X_5.20.R2513L40.RU JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)
CVE-2014-3566 CVE-2014-3568
MSR50 G2 Russian version MSR201X_5.20.R2513L40.RU JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)
CVE-2014-3566 CVE-2014-3568
MSR9XX R2513P33 JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)
CVE-2014-3566 CVE-2014-3568
MSR93X R2513P33 JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
CVE-2014-3566 CVE-2014-3568
MSR1000 R2513P33 JG732A HP MSR1003-8 AC Router
CVE-2014-3566 CVE-2014-3568
MSR1000 Russian version R2513L40.RU JG732A HP MSR1003-8 AC Router
CVE-2014-3566 CVE-2014-3568
MSR2000 R0106P18 JG411A HP MSR2003 AC Router
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
MSR3000 R0106P18 JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
MSR4000 R0106P18 JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
F5000 F3210P22 JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)
CVE-2014-3566 CVE-2014-3568
F5000-C R3811P03 JG650A HP F5000-C VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
F5000-S R3811P03 JG370A HP F5000-S VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
U200S and CS F5123P30 JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)
CVE-2014-3566 CVE-2014-3568
U200A and M F5123P30 JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)
CVE-2014-3566 CVE-2014-3568
SecBlade III R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module JG372A HP 10500/11900/7500 20Gbps VPN FW Mod
CVE-2014-3566 CVE-2014-3568
SecBlade FW R3181P05 JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)
CVE-2014-3566 CVE-2014-3568
F1000-E R3181P05 JD272A HP F1000-E VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
F1000-A R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
F1000-S R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
SecBlade SSL VPN Fix in Progress Use Mitigation JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic
CVE-2014-3566 CVE-2014-3568
VSR1000 R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software JG811AAE HP VSR1001 Comware 7 Virtual Services Router JG812AAE HP VSR1004 Comware 7 Virtual Services Router JG813AAE HP VSR1008 Comware 7 Virtual Services Router
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
WX5002/5004 R2507P34 JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod
CVE-2014-3566 CVE-2014-3568
HP 850/870 R2607P34 JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc JG722A HP 850 Unified Wired-WLAN Appliance JG724A HP 850 Unifd Wrd-WLAN TAA Applnc
CVE-2014-3566 CVE-2014-3568
HP 830 R3507P34 JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch
CVE-2014-3566 CVE-2014-3568
HP 6000 R2507P34 JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod
CVE-2014-3566 CVE-2014-3568
VCX Fix in Progress Use Mitigation J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr JC517A HP VCX V7205 Platform w/DL 360 G6 Server JE355A HP VCX V6000 Branch Platform 9.0 JC516A HP VCX V7005 Platform w/DL 120 G6 Server JC518A HP VCX Connect 200 Primry 120 G6 Server J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr JE341A HP VCX Connect 100 Secondary JE252A HP VCX Connect Primary MIM Module JE253A HP VCX Connect Secondary MIM Module JE254A HP VCX Branch MIM Module JE355A HP VCX V6000 Branch Platform 9.0 JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod JD023A HP MSR30-40 Router with VCX MIM Module JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS JE340A HP VCX Connect 100 Pri Server 9.0 JE342A HP VCX Connect 100 Sec Server 9.0
CVE-2014-3566 CVE-2014-3568
iMC PLAT iMC PLAT v7.1 E0303P06 JD125A HP IMC Std S/W Platform w/100-node JD126A HP IMC Ent S/W Platform w/100-node JD808A HP IMC Ent Platform w/100-node License JD815A HP IMC Std Platform w/100-node License JF377A HP IMC Std S/W Platform w/100-node Lic JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU JF378A HP IMC Ent S/W Platform w/200-node Lic JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect VAE E-LTU JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
CVE-2014-3566
iMC UAM iMC UAM v7.1 E0302P07 JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU
CVE-2014-3513 CVE-2014-3566 CVE-2014-3567
iMC WSM Fix in Progress Use Mitigation JD456A HP WSM Plug-in for IMC Includes 50 Aps JF414A HP IMC WSM S/W Module with 50-AP License JF414AAE HP IMC WSM S/W Module with 50-AP E-LTU JG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU JG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU
CVE-2014-3513 CVE-2014-3566 CVE-2014-3567
A Fixes in progress use mitigations J9565A HP 2615-8-PoE Switch J9562A HP 2915-8G-PoE Switch
E Fixes in progress use mitigations J4850A HP ProCurve Switch 5304xl J8166A HP ProCurve Switch 5304xl-32G J4819A HP ProCurve Switch 5308xl J8167A HP ProCurve Switch 5308xl-48G J4849A HP ProCurve Switch 5348xl J4849B HP ProCurve Switch 5348xl J4848A HP ProCurve Switch 5372xl J4848B HP ProCurve Switch 5372xl
F Fixes in progress use mitigations J4812A HP ProCurve 2512 Switch J4813A HP ProCurve 2524 Switch J4817A HP ProCurve 2312 Switch J4818A HP ProCurve 2324 Switch
H.07 Fixes in progress use mitigations J4902A HP ProCurve 6108 Switch
H.10 Fixes in progress use mitigations J8762A HP E2600-8-PoE Switch J4900A HP PROCURVE SWITCH 2626 J4900B HP ProCurve Switch 2626 J4900C ProCurve Switch 2626 J4899A HP ProCurve Switch 2650 J4899B HP ProCurve Switch 2650 J4899C ProCurve Switch 2650 J8164A ProCurve Switch 2626-PWR J8165A HP ProCurve Switch 2650-PWR
i.10 Fixes in progress use mitigations J4903A ProCurve Switch 2824 J4904A HP ProCurve Switch 2848
J Fixes in progress use mitigations J9299A HP 2520-24G-PoE Switch J9298A HP 2520-8G-PoE Switch
K Fixes in progress use mitigations J8692A HP 3500-24G-PoE yl Switch J8693A HP 3500-48G-PoE yl Switch J9310A HP 3500-24G-PoE+ yl Switch J9311A HP 3500-48G-PoE+ yl Switch J9470A HP 3500-24 Switch J9471A HP 3500-24-PoE Switch J9472A HP 3500-48 Switch J9473A HP 3500-48-PoE Switch J8697A HP E5406 zl Switch Chassis J8699A HP 5406-48G zl Switch J9447A HP 5406-44G-PoE+-4SFP zl Switch J9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW J9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW J9642A HP 5406 zl Switch with Premium Software J9866A HP 5406 8p10GT 8p10GE Swch and Psw J8698A HP E5412 zl Switch Chassis J8700A HP 5412-96G zl Switch J9448A HP 5412-92G-PoE+-4SFP zl Switch J9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW J9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW J9643A HP 5412 zl Switch with Premium Software J8992A HP 6200-24G-mGBIC yl Switch J9263A HP E6600-24G Switch J9264A HP 6600-24G-4XG Switch J9265A HP 6600-24XG Switch J9451A HP E6600-48G Switch J9452A HP 6600-48G-4XG Switch J9475A HP E8206 zl Switch Base System J9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW J9640A HP 8206 zl Switch w/Premium Software J8715A ProCurve Switch 8212zl Base System J8715B HP E8212 zl Switch Base System J9091A ProCurve Switch 8212zl Chassis&Fan Tray J9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW J9641A HP 8212 zl Switch with Premium SW
KA Fixes in progress use mitigations J9573A HP 3800-24G-PoE+-2SFP+ Switch J9574A HP 3800-48G-PoE+-4SFP+ Switch J9575A HP 3800-24G-2SFP+ Switch J9576A HP 3800-48G-4SFP+ Switch J9584A HP 3800-24SFP-2SFP+ Switch J9585A HP 3800-24G-2XG Switch J9586A HP 3800-48G-4XG Switch J9587A HP 3800-24G-PoE+-2XG Switch J9588A HP 3800-48G-PoE+-4XG Switch
KB Fixes in progress use mitigations J9821A HP 5406R zl2 Switch J9822A HP 5412R zl2 Switch J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch J9850A HP 5406R zl2 Switch J9851A HP 5412R zl2 Switch J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch
L Fixes in progress use mitigations J8772B HP 4202-72 Vl Switch J8770A HP 4204 Vl Switch Chassis J9064A HP 4204-44G-4SFP Vl Switch J8773A HP 4208 Vl Switch Chassis J9030A HP 4208-68G-4SFP Vl Switch J8775B HP 4208-96 Vl Switch J8771A ProCurve Switch 4202VL-48G J8772A ProCurve Switch 4202VL-72 J8774A ProCurve Switch 4208VL-64G J8775A ProCurve Switch 4208VL-96
M.08 Fixes in progress use mitigations J8433A HP 6400-6XG cl Switch J8474A HP 6410-6XG cl Switch
M.10 Fixes in progress use mitigations J4906A HP E3400-48G cl Switch J4905A HP ProCurve Switch 3400cl-24G
N Fixes in progress use mitigations J9021A HP 2810-24G Switch J9022A HP 2810-48G Switch
PA Fixes in progress use mitigations J9029A ProCurve Switch 1800-8G
PB Fixes in progress use mitigations J9028A ProCurve Switch 1800-24G J9028B ProCurve Switch 1800-24G
Q Fixes in progress use mitigations J9019B HP 2510-24 Switch J9019A ProCurve Switch 2510-24
R Fixes in progress use mitigations J9085A HP 2610-24 Switch J9087A HP 2610-24-PoE Switch J9086A HP 2610-24-PPoE Switch J9088A HP 2610-48 Switch J9089A HP 2610-48-PoE Switch
RA Fixes in progress use mitigations J9623A HP 2620-24 Switch J9624A HP 2620-24-PPoE+ Switch J9625A HP 2620-24-PoE+ Switch J9626A HP 2620-48 Switch J9627A HP 2620-48-PoE+ Switch
S Fixes in progress use mitigations J9138A HP 2520-24-PoE Switch J9137A HP 2520-8-PoE Switch
T Fixes in progress use mitigations J9049A ProCurve Switch 2900- 24G J9050A ProCurve Switch 2900 48G
U Fixes in progress use mitigations J9020A HP 2510-48 Switch
VA Fixes in progress use mitigations J9079A HP 1700-8 Switch
VB Fixes in progress use mitigations J9080A HP 1700-24 Switch
W Fixes in progress use mitigations J9145A HP 2910-24G al Switch J9146A HP 2910-24G-PoE+ al Switch J9147A HP 2910-48G al Switch J9148A HP 2910-48G-PoE+ al Switch
WB Fixes in progress use mitigations J9726A HP 2920-24G Switch J9727A HP 2920-24G-POE+ Switch J9728A HP 2920-48G Switch J9729A HP 2920-48G-POE+ Switch J9836A HP 2920-48G-POE+ 740W Switch
Y Fixes in progress use mitigations J9279A HP 2510-24G Switch J9280A HP 2510-48G Switch
YA Fixes in progress use mitigations J9772A HP 2530-48G-PoE+ Switch J9773A HP 2530-24G-PoE+ Switch J9774A HP 2530-8G-PoE+ Switch J9775A HP 2530-48G Switch J9776A HP 2530-24G Switch J9777A HP 2530-8G Switch J9778A HP 2530-48-PoE+ Switch J9781A HP 2530-48 Switch J9853A HP 2530-48G-PoE+-2SFP+ Switch J9854A HP 2530-24G-PoE+-2SFP+ Switch J9855A HP 2530-48G-2SFP+ Switch J9856A HP 2530-24G-2SFP+ Switch
YB Fixes in progress use mitigations J9779A HP 2530-24-PoE+ Switch J9780A HP 2530-8-PoE+ Switch J9782A HP 2530-24 Switch J9783A HP 2530-8 Switch
MSM 6.5 6.5.1.0 J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9370A HP MSM765 Zl Premium Mobility Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9840A HP MSM775 zl Premium Controller Module J9845A HP 560 Wireless 802.11ac (AM) AP J9846A HP 560 Wireless 802.11ac (WW) AP J9847A HP 560 Wireless 802.11ac (JP) AP J9848A HP 560 Wireless 802.11ac (IL) AP J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
MSM 6.4 6.4.2.1 J9840A HP MSM775 zl Premium Controller Module J9370A HP MSM765 Zl Premium Mobility Controller J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL)
MSM 6.3 6.3.1.0 J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP)
MSM 6.2 6.2.1.2 J9370A HP MSM765 Zl Premium Mobility Controller J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9840A HP MSM775 zl Premium Controller Module J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr
M220 Fixes in progress use mitigations J9798A HP M220 802.11n (AM) Access Point J9799A HP M220 802.11n (WW) Access Point
M210 Fixes in progress use mitigations JL023A HP M210 802.11n (AM) Access Point JL024A HP M210 802.11n (WW) Access Point
PS110 Fixes in progress use mitigations JL065A HP PS110 Wireless 802.11n VPN AM Router JL066A HP PS110 Wireless 802.11n VPN WW Router
HP Office Connect 1810 PK Fixes in progress use mitigations J9660A HP 1810-48G Switch
HP Office Connect 1810 P Fixes in progress use mitigations J9450A HP 1810-24G Switch J9449A HP 1810-8G Switch
HP Office Connect 1810 PL Fixes in progress use mitigations J9802A HP 1810-8G v2 Switch J9803A HP 1810-24G v2 Switch
RF Manager Fixes in progress use mitigations J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with 50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU
HP Office Connect 1810 PM Fixes in progress use mitigations J9800A HP 1810-8 v2 Switch J9801A HP 1810-24 v2 Switch
HP Office Connect PS1810 Fixes in progress use mitigations J9833A HP PS1810-8G Switch J9834A HP PS1810-24G Switch
Mitigation Instructions
For SSLv3 Server Functionality on Impacted Products:
Disable SSLv3 on clients and/or disable CBC ciphers on clients Use Access Control functionality to control client access
For SSLv3 Client Functionality on Impacted Products:
Go to SSL server and disable SSLv3 and/or disable CBC ciphers Use Access Control functionality to control access to servers
HISTORY Version:1 (rev.1) - 2 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. The HP Matrix Operating Environment v7.2.3 Update kit applicable to HP Matrix Operating Environment 7.2.x installations is available at the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPID
NOTE: Please read the readme.txt file before proceeding with the installation. HP BladeSystem c-Class Onboard Administrator (OA) 4.30 and earlier.
Go to http://www.hp.com/go/oa
Select "Onboard Administrator Firmware" Select product name as ""HP BLc3000 Onboard Administrator Option" or "HP BLc7000 Onboard Administrator Option" Select the operating system from the list of choices Select Firmware version 4.40 for download Refer to the HP BladeSystem Onboard Administrator User Guide for steps to update the Onboard Administrator firmware. ============================================================================ Ubuntu Security Notice USN-2385-1 October 16, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.7
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.20
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.22
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1144", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "flex system chassis management module", scope: null, trust: 3.3, vendor: "ibm", version: null, }, { model: "flex system chassis management module", scope: "eq", trust: 1.8, vendor: "ibm", version: "1.50.1", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1e", }, { model: "flex system chassis management module 1.1.1", scope: null, trust: 1.2, vendor: "ibm", version: null, }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "lte", trust: 1, vendor: "openssl", version: "0.9.8zb", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "bladecenter advanced management module 3.66n", scope: "ne", trust: 0.9, vendor: "ibm", version: null, }, { model: "bladecenter advanced management module 3.66k", scope: null, trust: 0.9, vendor: "ibm", version: null, }, { model: "flex system chassis management module 1.50.0", scope: null, trust: 0.6, vendor: "ibm", version: null, }, { model: "global console manager", scope: "ne", trust: 0.6, vendor: "ibm", version: "1.26.1.23978", }, { model: "global console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.4.2.15036", }, { model: "global console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.20.20.23447", }, { model: "flex system chassis management module", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.50.0", }, { model: "project openssl 1.0.0a", scope: null, trust: 0.6, vendor: "openssl", version: null, }, { model: "local console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.2.39.0", }, { model: "local console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.2.27.00", }, { model: "local console manager", scope: "ne", trust: 0.6, vendor: "ibm", version: "1.2.40.00", }, { model: "flex system chassis management module 1.40.1", scope: null, trust: 0.6, vendor: "ibm", version: null, }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "nextscale n1200 enclosure fan power controller fhet23g-2.06", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "rational software architect realtime edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "q", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.3", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "bladesystem c-class onboard administrator", scope: "eq", trust: 0.3, vendor: "hp", version: "4.11", }, { model: "k", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "upward integration modules scvmm add-in", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.3", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "malware analysis appliance", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.1", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "bladesystem c-class onboard administrator", scope: "eq", trust: 0.3, vendor: "hp", version: "4.21", }, { model: "project openssl beta3", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.1", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "project openssl 0.9.8u", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.1.0", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.5", }, { model: "norman shark industrial control system protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.2.3", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.1", }, { model: "packetshaper s-series", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "11.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.4", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "flex system chassis management module 1.20.2", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "connect:enterprise secure client", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cloudsystem enterprise software", scope: "ne", trust: 0.3, vendor: "hp", version: "8.1.2", }, { model: "sterling connect:enterprise for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.5", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli netcool/reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "proxyav", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.5", }, { model: "insight control server provisioning", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "esxi", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2", }, { model: "j", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl 1.0.1j", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "wb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "content analysis system software", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.1.2.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.3", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.3", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.1.0", }, { model: "n", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "policycenter", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "9.2", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "project openssl 1.0.0o", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "pa", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "m210", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "vsr1000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "cacheflow", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.2", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "flex system ib6131 40gb infiniband switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.4", }, { model: "bladesystem c-class onboard administrator", scope: "ne", trust: 0.3, vendor: "hp", version: "4.40", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.2", }, { model: "oneview", scope: "eq", trust: 0.3, vendor: "hp", version: "1.0", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "119000", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.2", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.4", }, { model: "x-series xos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "10.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.11", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sterling connect:express for unix ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11150-11", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.0", }, { model: "nextscale n1200 enclosure fan power controller fhet21c-2.04", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "sterling connect:enterprise for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.4.4", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "tivoli composite application manager for transactions", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "norman shark scada protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.2.3", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "megaraid storage manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "15.03.01.00", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.0.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.23", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.2", }, { model: "tivoli netcool/system service monitor fp11", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.1", }, { model: "sterling file gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.4", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "initiate master data service patient hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "bladesystem c-class onboard administrator", scope: "eq", trust: 0.3, vendor: "hp", version: "4.22", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70000", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2", }, { model: "r2122", scope: "ne", trust: 0.3, vendor: "hp", version: "7900", }, { model: "flex system chassis management module 1.40.2", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "tivoli netcool/system service monitor fp12", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "project openssl 1.0.0h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1.1", }, { model: "infosphere master data management patient hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "netcool/system service monitor fp1 p14", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0-", }, { model: "flex system en6131 40gb ethernet switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.4", }, { model: "tivoli composite application manager for transactions", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.1", }, { model: "flex system ib6131 40gb infiniband switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.4.1110", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "policycenter", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "9.2.10", }, { model: "netcool/system service monitor fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.1", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.10", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "office connect ps1810", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "qradar siem mr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "aura communication manager ssp04", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "ex series network switches for ibm products pre 12.3r9", scope: null, trust: 0.3, vendor: "juniper", version: null, }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.7", }, { model: "cacheflow", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.0", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.0.3", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "m.10", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.3", }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "connect:enterprise command line client", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "79000", }, { model: "malware analyzer g2", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.5", }, { model: "aspera proxy", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "1.2.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "proxyav", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.4", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bcaaa", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.1", }, { model: "aspera mobile", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "cloudsystem foundation", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0.2", }, { model: "upward integration modules for microsoft system center", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "project openssl beta4", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.0", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "h.10", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "upward integration modules hardware management pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.20", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "upward integration modules integrated installer", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "general parallel file system", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.0", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2", }, { model: "project openssl beta5", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.0", }, { model: "tivoli netcool/system service monitor fp2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0", }, { model: "aspera drive", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "infosphere master data management", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.9", }, { model: "content analysis system", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.2", }, { model: "content analysis system software", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.1.53", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.4", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.3", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "flex system chassis management module 1.20.1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "security analytics platform", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "6.6.10", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "norman shark scada protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.3.2", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "12500(comware", scope: "eq", trust: 0.3, vendor: "hp", version: "v7)0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "57000", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5.0", }, { model: "esxi", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.0", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.1", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5", }, { model: "r", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.0.1", }, { model: "esxi esxi550-20150110", scope: "ne", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "kb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.8.0", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "129000", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "nextscale n1200 enclosure fan power controller fhet24d-2.08", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.6", }, { model: "i.10", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "malware analysis appliance", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.2", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "security analytics platform", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "7.0", }, { model: "m.08", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.4.1", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "ssl visibility", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.8", }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11", }, { model: "cacheflow", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.3", }, { model: "sterling connect:express for unix ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.5.0.11150-11", }, { model: "systems insight manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "infosphere master data management provider hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-493", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.2", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.8", }, { model: "ssl visibility 3.8.2f", scope: "ne", trust: 0.3, vendor: "bluecoat", version: null, }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.1", }, { model: "cloudsystem enterprise software", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0.2", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.6", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.6", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.3.6", }, { model: "rational software architect realtime edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.3", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-453", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0", }, { model: "director", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "6.1.16.1", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "sterling connect:express for unix ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.4.6.1146-109", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "tivoli netcool/system service monitor fp10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4", }, { model: "proxysg sgos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.5", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.4", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-467", }, { model: "vb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "connect:enterprise secure client", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56001", }, { model: "ka", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.2", }, { model: "security analytics platform", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "7.1.6", }, { model: "office connect pk", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v5000-", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "nextscale n1200 enclosure fan power controller fhet21e-2.05", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aspera proxy", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.2.2", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "norman shark network protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.3.2", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "yb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "aspera connect server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.1", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3.1", }, { model: "flex system chassis management module 1.40.0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "tivoli provisioning manager for images", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "upward integration modules scvmm add-in", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bcaaa", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.5", }, { model: "nextscale n1200 enclosure fan power controller fhet24b-2.07", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "cms r17", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.1.5.03.00", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.41", }, { model: "aspera ondemand for google cloud", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.8.2.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.21", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "aura utility services sp7", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.4", }, { model: "sterling file gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.0", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "content analysis system software", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.1.5.2", }, { model: "aspera console", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "2.5.3", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "e", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "bladesystem c-class onboard administrator", scope: "eq", trust: 0.3, vendor: "hp", version: "4.20", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli workload scheduler for applications fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.2", }, { model: "project openssl beta2", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "upward integration modules for vmware vsphere", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.3", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2.2", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.10", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.20", }, { model: "splunk", scope: "ne", trust: 0.3, vendor: "splunk", version: "5.0.11", }, { model: "tivoli netcool/system service monitor fp13", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "aspera faspex", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "3.9", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.40", }, { model: "msr2000 r0106p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "va", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.32", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aspera ondemand for softlayer", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.4", }, { model: "tivoli netcool/system service monitor fp6", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.4", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "aspera ondemand for azure", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "r2311p05", scope: "ne", trust: 0.3, vendor: "hp", version: "5700", }, { model: "aspera shares", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "1.9", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0", }, { model: "qradar risk manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.3", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.46.4.2.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3.1", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "aspera connect server", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "3.5.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "aspera client", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.4", }, { model: "aspera outlook plugin", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "content analysis system software", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.1.4.2", }, { model: "project openssl 0.9.8zc", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "oneview", scope: "eq", trust: 0.3, vendor: "hp", version: "1.01", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1.0", }, { model: "director", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.1.131", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.5", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "ssl visibility", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.7", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.3.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.3", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.2", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.0", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "10.1", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56003", }, { model: "sterling connect:enterprise http option", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "malware analysis appliance", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.1.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.2.0", }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.3", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1.2", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "flex system chassis management module 1.20.0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2", }, { model: "sterling connect:express for unix ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6.1146-108", }, { model: "aspera enterprise server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.1", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.0", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "project openssl beta1", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "packetshaper", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "9.2.10", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.5", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4", }, { model: "esxi", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1.2", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "cloudsystem foundation", scope: "eq", trust: 0.3, vendor: "hp", version: "8.1", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.3.2", }, { model: "ps110", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "upward integration modules hardware management pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "aspera point to point", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.33", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "initiate master data service provider hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "packetshaper s-series", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "11.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.3.0", }, { model: "upward integration modules integrated installer", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "splunk", scope: "ne", trust: 0.3, vendor: "splunk", version: "6.0.7", }, { model: "tivoli netcool/system service monitor fp8", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.1.0", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "flex system", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70000", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "imc uam e0302p07", scope: "ne", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.3", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.6", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "switch series (comware", scope: "eq", trust: 0.3, vendor: "hp", version: "10500v7)0", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.5", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2.1", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.0.0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "qradar vulnerability manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.3", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "8.0", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.2.0", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.8.1.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.1", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "ra", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "tuxedo", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1.0", }, { model: "proxysg sgos", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "6.5.6.1", }, { model: "security analytics platform", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.4", }, { model: "rf manager", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.9.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.6.0", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "tivoli management framework", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "packetshaper s-series", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "11.1", }, { model: "h.07", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "infosphere master data management", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.1.1", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "tivoli netcool/system service monitor fp4", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "ssl for openvms", scope: "ne", trust: 0.3, vendor: "hp", version: "1.4-495", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "proxysg sgos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.5", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2.2", }, { model: "office connect pm", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "content analysis system", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.1", }, { model: "ya", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "switch series r2311p05", scope: "ne", trust: 0.3, vendor: "hp", version: "5900", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.26.2.1.2", }, { model: "bladesystem c-class onboard administrator", scope: "eq", trust: 0.3, vendor: "hp", version: "4.30", }, { model: "cloudsystem enterprise software", scope: "eq", trust: 0.3, vendor: "hp", version: "8.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3.0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.0", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.80", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-471", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "cacheflow", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "initiate master data service provider hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "12500(comware r7328p04", scope: "ne", trust: 0.3, vendor: "hp", version: "v7)", }, { model: "aura presence services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "aura presence services sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.0.1", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "tivoli netcool/system service monitor fp9", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.4", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.5", }, { model: "w", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "content analysis system software", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.1.1.1", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.8.1.0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.7.0", }, { model: "project openssl beta3", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.2", }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "tivoli netcool/system service monitor fp5", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "version control repository manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "pb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "nextscale n1200 enclosure fan power controller fhet13a-2.00", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "tivoli workload scheduler for applications fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.56.5.1.0", }, { model: "initiate master data service patient hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "flex system chassis management module 1.1.0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.10", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2", }, { model: "project openssl beta1", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.4", }, { model: "cacheflow", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "2.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.7", }, { model: "xcode", scope: "ne", trust: 0.3, vendor: "apple", version: "7.0", }, { model: "switch series r2111p06", scope: "ne", trust: 0.3, vendor: "hp", version: "11900", }, { model: "imc uam", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.5", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "packetshaper", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "9.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "aspera orchestrator", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "2.10", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.1.3", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.4", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3", }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "insight control server provisioning 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "aura session manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.4.0", }, { model: "sterling connect:enterprise http option", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "ei switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "51300", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "y", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "59200", }, { model: "u", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "insight control", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.34", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "flex system chassis management module 2.5.3t", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "l", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v3500-", }, { model: "server migration pack", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.2", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "m220", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56002", }, { model: "project openssl 1.0.0h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "flex system chassis management module 1.0.0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "tivoli netcool/system service monitor fp3", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "imc wsm", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "sterling b2b integrator", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aspera ondemand for amazon", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.36.3.1.0", }, { model: "sdk for node.js", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.1.0.9", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "aura system manager sp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.2", }, { model: "server migration pack", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v3700-", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "59000", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.5", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "msr2000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "a", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "director", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "tivoli netcool/system service monitor fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "6", }, { model: "qradar siem", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.3", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "tivoli netcool/system service monitor fp7", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "aura utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "sterling b2b integrator", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "nextscale n1200 enclosure fan power controller fhet17a-2.02", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.2", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2", }, { model: "tivoli composite application manager for transactions", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "malware analyzer g2", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.1", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.2.1", }, { model: "f", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "nextscale n1200 enclosure fan power controller fhet24j-2.10", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "aspera enterprise server", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "3.5.2", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "qradar risk manager mr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "proxysg sgos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.2", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "switch series r1005p15", scope: "ne", trust: 0.3, vendor: "hp", version: "12900", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "aura utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "office connect p", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "aspera orchestrator", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.0", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "norman shark network protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.2.3", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "oneview", scope: "ne", trust: 0.3, vendor: "hp", version: "1.20", }, { model: "matrix operating environment", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "project openssl beta2", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1", }, { model: "oneview", scope: "eq", trust: 0.3, vendor: "hp", version: "1.10", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "infosphere master data management", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.4", }, { model: "nextscale n1200 enclosure fan power controller fhet24g-2.09", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "manager for sle sp2", scope: "eq", trust: 0.3, vendor: "suse", version: "111.7", }, { model: "studio onsite", scope: "eq", trust: 0.3, vendor: "suse", version: "1.3", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.8", }, { model: "cloudsystem foundation", scope: "ne", trust: 0.3, vendor: "hp", version: "8.1.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.0.0", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "10.0", }, { model: "office connect pl", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "content analysis system", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "1.2.3.1", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "reporter's iso", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "9.4", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "oneview", scope: "eq", trust: 0.3, vendor: "hp", version: "1.05", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "t", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "vsr1000 r0204p01", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.4", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "8.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.3", }, { model: "flex system en6131 40gb ethernet switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.4.1110", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-476", }, { model: "switch series r2311p05", scope: "ne", trust: 0.3, vendor: "hp", version: "5920", }, { model: "aspera point to point", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "3.5.2", }, { model: "insight control server provisioning", scope: "ne", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "tivoli provisioning manager for images system edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "x7.1.1.0", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.1", }, { model: "security analytics platform", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "7.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.3", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "ei switch series r3108p03", scope: "ne", trust: 0.3, vendor: "hp", version: "5130", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0", }, ], sources: [ { db: "BID", id: "70586", }, { db: "CNNVD", id: "CNNVD-201410-636", }, { db: "NVD", id: "CVE-2014-3567", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.9.8zb", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-3567", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "131306", }, { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "131273", }, { db: "PACKETSTORM", id: "131014", }, { db: "PACKETSTORM", id: "132085", }, { db: "PACKETSTORM", id: "128921", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "132080", }, ], trust: 0.8, }, cve: "CVE-2014-3567", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 6.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2014-3567", impactScore: 6.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "HIGH", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2014-3567", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201410-636", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2014-3567", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2014-3567", }, { db: "CNNVD", id: "CNNVD-201410-636", }, { db: "NVD", id: "CVE-2014-3567", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. This could be\nexploited in a Denial Of Service attack. This issue affects OpenSSL\n1.0.1 server implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. Implementations of OpenSSL that\nhave been compiled with OPENSSL_NO_SRTP defined are not affected. \n\nThis issue was reported to OpenSSL on 26th September 2014, based on an original\nissue and patch developed by the LibreSSL project. Further analysis of the issue\nwas performed by the OpenSSL team. \n\nThe fix was developed by the OpenSSL team. \n\nThis issue was reported to OpenSSL on 8th October 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nSSL 3.0 Fallback protection\n===========================\n\nSeverity: Medium\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE (CVE-2014-3566). \n\nhttps://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\nhttps://www.openssl.org/~bodo/ssl-poodle.pdf\n\nSupport for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller. \n\n\nBuild option no-ssl3 is incomplete (CVE-2014-3568)\n==================================================\n\nSeverity: Low\n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. \n\nThis issue was reported to OpenSSL by Akamai Technologies on 14th October 2014. \n\nThe fix was developed by Akamai and the OpenSSL team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20141015.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2014:1692-01\nProduct: Red Hat Storage\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1692.html\nIssue date: 2014-10-22\nCVE Names: CVE-2014-3513 CVE-2014-3567 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that contain a backported patch to mitigate the\nCVE-2014-3566 issue and fix two security issues are now available for Red\nHat Storage 2.1. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Storage Server 2.1 - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails. \n\nThis can prevent a forceful downgrade of the communication to SSL 3.0. \nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode. \nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication. \n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Storage Server 2.1:\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3513\nhttps://access.redhat.com/security/cve/CVE-2014-3567\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/1232123\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUR/NUXlSAg2UNWIIRAlZHAJwPwsoiJDn5RhI6U8eFkIzxyQopkQCePynp\nRpfQCptdJIpd6WXO7pw1vVo=\n=T20t\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This flaw allows a man-in-the-middle (MITM)\n attacker to decrypt a selected byte of a cipher text in as few as 256\n tries if they are able to force a victim application to repeatedly send\n the same data over newly created SSL 3.0 connections. \n\n This update adds support for Fallback SCSV to mitigate this issue. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-2 Xcode 7.0\n\nXcode 7.0 is now available and addresses the following:\n\nDevTools\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker may be able to bypass access restrictions\nDescription: An API issue existed in the apache configuration. This\nissue was addressed by updating header files to use the latest\nversion. \nCVE-ID\nCVE-2015-3185 : Branko Aibej of the Apache Software Foundation\n\nIDE Xcode Server\nAvailable for: OS X Yosemite 10.10 or later\nImpact: An attacker may be able to access restricted parts of the\nfilesystem\nDescription: A comparison issue existed in the node.js send module\nprior to version 0.8.4. This issue was addressed by upgrading to\nversion 0.12.3. \nCVE-ID\nCVE-2014-6394 : Ilya Kantor\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilties in OpenSSL\nDescription: Multiple vulnerabilties existed in the node.js OpenSSL\nmodule prior to version 1.0.1j. \nCVE-ID\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker with a privileged network position may be able\nto inspect traffic to Xcode Server\nDescription: Connections to Xcode Server may have been made without\nencryption. This issue was addressed through improved network\nconnection logic. \nCVE-ID\nCVE-2015-5910 : an anonymous researcher\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Build notifications may be sent to unintended recipients\nDescription: An access issue existed in the handling of repository\nemail lists. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of\nAnchorfree\n\nsubversion\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities existed in svn versions prior to\n1.7.19\nDescription: Multiple vulnerabilities existed in svn versions prior\nto 1.7.19. These issues were addressed by updating svn to version\n1.7.20. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \n\nRelease Date: 2014-10-28\nLast Updated: 2014-10-28\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess, man-in-the-middle (MitM) attack\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. \n\nThis is the SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely to\nallow disclosure of information. \n\nReferences:\n\nCVE-2014-3566 Man-in-th-Middle (MitM) attack\nCVE-2014-3567 Remote Unauthorized Access\nCVE-2014-3568 Remote Denial of Service (DoS)\nSSRT101767\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from the following ftp site. \n\nftp://ssl098zc:Secure12@ftp.usa.hp.com\n\nUser name: ssl098zc Password: (NOTE: Case sensitive) Secure12\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08zc or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 28 October 2014 Initial release\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate's unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nNote: mitigation instructions are included below if the following software\nupdates cannot be applied. \n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n CVE\n\n12900 Switch Series\n R1005P15\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n12500\n R1828P06\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3568\n\n12500 (Comware v7)\n R7328P04\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n11900 Switch Series\n R2111P06\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n10500 Switch Series (Comware v5)\n R1208P10\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3568\n\n10500 Switch Series (Comware v7)\n R2111P06\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n9500E\n R1828P06\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\n CVE-2014-3566\nCVE-2014-3568\n\n7900\n R2122\n JG682A HP FlexFabric 7904 Switch Chassis\nJH001A HP FF 7910 2.4Tbps Fabric / MPU\nJG842A HP FF 7910 7.2Tbps Fabric / MPU\nJG841A HP FF 7910 Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n7500 Switch Series\n R6708P10\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800 Russian Version\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602 Russian Version\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602 Russian Version\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600 Russian Version\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP Russian Version\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG778A HP 6600 MCP-X2 Router TAA MPU\n\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5920 Switch Series\n R2311P05\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5900 Switch Series\n R2311P05\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5830 Switch Series\n R1118P11\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n5820 Switch Series\n R1809P03\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5800 Switch Series\n R1809P03\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5700\n R2311P05\n JG894A HP FF 5700-48G-4XG-2QSFP+ Switch\nJG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch\nJG896A HP FF 5700-40XG-2QSFP+ Switch\nJG897A HP FF 5700-40XG-2QSFP+ TAA Switch\nJG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch\nJG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5500 HI Switch Series\n R5501P06\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 EI Switch Series\n R2221P08\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 SI Switch Series\n R2221P08\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5130 EI switch Series\n R3108P03\n JG932A HP 5130-24G-4SFP+ EI Switch\nJG933A HP 5130-24G-SFP-4SFP+ EI Switch\nJG934A HP 5130-48G-4SFP+ EI Switch\nJG936A HP 5130-24G-PoE+-4SFP+ EI Swch\nJG937A HP 5130-48G-PoE+-4SFP+ EI Swch\nJG975A HP 5130-24G-4SFP+ EI BR Switch\nJG976A HP 5130-48G-4SFP+ EI BR Switch\nJG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch\nJG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5120 EI Switch Series\n R2221P08\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5120 SI switch Series\n R1513P95\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n CVE-2014-3566\nCVE-2014-3568\n\n4800 G Switch Series\n R2221P08\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4510G Switch Series\n R2221P08\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4210G Switch Series\n R2221P08\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n3610 Switch Series\n R5319P10\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n CVE-2014-3566\nCVE-2014-3568\n\n3600 V2 Switch Series\n R2110P03\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2-48\n R2110P03\n JG315A HP 3100-48 v2 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1920\n R1105\n JG920A HP 1920-8G Switch\nJG921A HP 1920-8G-PoE+ (65W) Switch\nJG922A HP 1920-8G-PoE+ (180W) Switch\nJG923A HP 1920-16G Switch\nJG924A HP 1920-24G Switch\nJG925A HP 1920-24G-PoE+ (180W) Switch\nJG926A HP 1920-24G-PoE+ (370W) Switch\nJG927A HP 1920-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R11XX\n R1107\n JG536A HP 1910-8 Switch\nJG537A HP 1910-8 -PoE+ Switch\nJG538A HP 1910-24 Switch\nJG539A HP 1910-24-PoE+ Switch\nJG540A HP 1910-48 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R15XX\n R1513P95\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1620\n R1104\n JG912A HP 1620-8G Switch\nJG913A HP 1620-24G Switch\nJG914A HP 1620-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X\n R2513P33\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30\n R2513P33\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16\n R2513P33\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X\n R2513P33\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50\n R2513P33\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50-G2\n R2513P33\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20 Russian version\n MSR201X_5.20.R2513L40.RU\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30 Russian version\n MSR201X_5.20.R2513L40.RU\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16 Russian version\n MSR201X_5.20.R2513L40.RU\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 Russian version\n MSR201X_5.20.R2513L40.RU\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 G2 Russian version\n MSR201X_5.20.R2513L40.RU\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR9XX\n R2513P33\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR93X\n R2513P33\n JG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000\n R2513P33\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000 Russian version\n R2513L40.RU\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR2000\n R0106P18\n JG411A HP MSR2003 AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR3000\n R0106P18\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR4000\n R0106P18\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nF5000\n F3210P22\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-C\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-S\n R3811P03\n JG370A HP F5000-S VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200S and CS\n F5123P30\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200A and M\n F5123P30\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade III\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module\nJG372A HP 10500/11900/7500 20Gbps VPN FW Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade FW\n R3181P05\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-E\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-A\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-S\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade SSL VPN\n Fix in Progress\nUse Mitigation\n JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic\n\n CVE-2014-3566\nCVE-2014-3568\n\nVSR1000\n R0204P01\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router\nJG812AAE HP VSR1004 Comware 7 Virtual Services Router\nJG813AAE HP VSR1008 Comware 7 Virtual Services Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nWX5002/5004\n R2507P34\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 850/870\n R2607P34\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\nJG722A HP 850 Unified Wired-WLAN Appliance\nJG724A HP 850 Unifd Wrd-WLAN TAA Applnc\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 830\n R3507P34\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 6000\n R2507P34\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nVCX\n Fix in Progress\nUse Mitigation\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\nJ9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\nJC517A HP VCX V7205 Platform w/DL 360 G6 Server\nJE355A HP VCX V6000 Branch Platform 9.0\nJC516A HP VCX V7005 Platform w/DL 120 G6 Server\nJC518A HP VCX Connect 200 Primry 120 G6 Server\nJ9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\nJE341A HP VCX Connect 100 Secondary\nJE252A HP VCX Connect Primary MIM Module\nJE253A HP VCX Connect Secondary MIM Module\nJE254A HP VCX Branch MIM Module\nJE355A HP VCX V6000 Branch Platform 9.0\nJD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\nJD023A HP MSR30-40 Router with VCX MIM Module\nJD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\nJD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\nJD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\nJD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\nJD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\nJE340A HP VCX Connect 100 Pri Server 9.0\nJE342A HP VCX Connect 100 Sec Server 9.0\n\n CVE-2014-3566\nCVE-2014-3568\n\niMC PLAT\n iMC PLAT v7.1 E0303P06\n JD125A HP IMC Std S/W Platform w/100-node\nJD126A HP IMC Ent S/W Platform w/100-node\nJD808A HP IMC Ent Platform w/100-node License\nJD815A HP IMC Std Platform w/100-node License\nJF377A HP IMC Std S/W Platform w/100-node Lic\nJF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\nJF378A HP IMC Ent S/W Platform w/200-node Lic\nJF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect VAE E-LTU\nJG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\nJG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\nJG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\nJG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\nJG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n\n CVE-2014-3566\n\niMC UAM\n iMC UAM v7.1 E0302P07\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\niMC WSM\n Fix in Progress\nUse Mitigation\n JD456A HP WSM Plug-in for IMC\nIncludes 50 Aps\nJF414A HP IMC WSM S/W Module with 50-AP License\nJF414AAE HP IMC WSM S/W Module with 50-AP E-LTU\nJG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU\nJG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\nA\n Fixes in progress\nuse mitigations\n J9565A HP 2615-8-PoE Switch\nJ9562A HP 2915-8G-PoE Switch\n\nE\n Fixes in progress\nuse mitigations\n J4850A HP ProCurve Switch 5304xl\nJ8166A HP ProCurve Switch 5304xl-32G\nJ4819A HP ProCurve Switch 5308xl\nJ8167A HP ProCurve Switch 5308xl-48G\nJ4849A HP ProCurve Switch 5348xl\nJ4849B HP ProCurve Switch 5348xl\nJ4848A HP ProCurve Switch 5372xl\nJ4848B HP ProCurve Switch 5372xl\n\nF\n Fixes in progress\nuse mitigations\n J4812A HP ProCurve 2512 Switch\nJ4813A HP ProCurve 2524 Switch\nJ4817A HP ProCurve 2312 Switch\nJ4818A HP ProCurve 2324 Switch\n\nH.07\n Fixes in progress\nuse mitigations\n J4902A HP ProCurve 6108 Switch\n\nH.10\n Fixes in progress\nuse mitigations\n J8762A HP E2600-8-PoE Switch\nJ4900A HP PROCURVE SWITCH 2626\nJ4900B HP ProCurve Switch 2626\nJ4900C ProCurve Switch 2626\nJ4899A HP ProCurve Switch 2650\nJ4899B HP ProCurve Switch 2650\nJ4899C ProCurve Switch 2650\nJ8164A ProCurve Switch 2626-PWR\nJ8165A HP ProCurve Switch 2650-PWR\n\ni.10\n Fixes in progress\nuse mitigations\n J4903A ProCurve Switch 2824\nJ4904A HP ProCurve Switch 2848\n\nJ\n Fixes in progress\nuse mitigations\n J9299A HP 2520-24G-PoE Switch\nJ9298A HP 2520-8G-PoE Switch\n\nK\n Fixes in progress\nuse mitigations\n J8692A HP 3500-24G-PoE yl Switch\nJ8693A HP 3500-48G-PoE yl Switch\nJ9310A HP 3500-24G-PoE+ yl Switch\nJ9311A HP 3500-48G-PoE+ yl Switch\nJ9470A HP 3500-24 Switch\nJ9471A HP 3500-24-PoE Switch\nJ9472A HP 3500-48 Switch\nJ9473A HP 3500-48-PoE Switch\nJ8697A HP E5406 zl Switch Chassis\nJ8699A HP 5406-48G zl Switch\nJ9447A HP 5406-44G-PoE+-4SFP zl Switch\nJ9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW\nJ9642A HP 5406 zl Switch with Premium Software\nJ9866A HP 5406 8p10GT 8p10GE Swch and Psw\nJ8698A HP E5412 zl Switch Chassis\nJ8700A HP 5412-96G zl Switch\nJ9448A HP 5412-92G-PoE+-4SFP zl Switch\nJ9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW\nJ9643A HP 5412 zl Switch with Premium Software\nJ8992A HP 6200-24G-mGBIC yl Switch\nJ9263A HP E6600-24G Switch\nJ9264A HP 6600-24G-4XG Switch\nJ9265A HP 6600-24XG Switch\nJ9451A HP E6600-48G Switch\nJ9452A HP 6600-48G-4XG Switch\nJ9475A HP E8206 zl Switch Base System\nJ9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9640A HP 8206 zl Switch w/Premium Software\nJ8715A ProCurve Switch 8212zl Base System\nJ8715B HP E8212 zl Switch Base System\nJ9091A ProCurve Switch 8212zl Chassis&Fan Tray\nJ9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9641A HP 8212 zl Switch with Premium SW\n\nKA\n Fixes in progress\nuse mitigations\n J9573A HP 3800-24G-PoE+-2SFP+ Switch\nJ9574A HP 3800-48G-PoE+-4SFP+ Switch\nJ9575A HP 3800-24G-2SFP+ Switch\nJ9576A HP 3800-48G-4SFP+ Switch\nJ9584A HP 3800-24SFP-2SFP+ Switch\nJ9585A HP 3800-24G-2XG Switch\nJ9586A HP 3800-48G-4XG Switch\nJ9587A HP 3800-24G-PoE+-2XG Switch\nJ9588A HP 3800-48G-PoE+-4XG Switch\n\nKB\n Fixes in progress\nuse mitigations\n J9821A HP 5406R zl2 Switch\nJ9822A HP 5412R zl2 Switch\nJ9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9850A HP 5406R zl2 Switch\nJ9851A HP 5412R zl2 Switch\nJ9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch\n\nL\n Fixes in progress\nuse mitigations\n J8772B HP 4202-72 Vl Switch\nJ8770A HP 4204 Vl Switch Chassis\nJ9064A HP 4204-44G-4SFP Vl Switch\nJ8773A HP 4208 Vl Switch Chassis\nJ9030A HP 4208-68G-4SFP Vl Switch\nJ8775B HP 4208-96 Vl Switch\nJ8771A ProCurve Switch 4202VL-48G\nJ8772A ProCurve Switch 4202VL-72\nJ8774A ProCurve Switch 4208VL-64G\nJ8775A ProCurve Switch 4208VL-96\n\nM.08\n Fixes in progress\nuse mitigations\n J8433A HP 6400-6XG cl Switch\nJ8474A HP 6410-6XG cl Switch\n\nM.10\n Fixes in progress\nuse mitigations\n J4906A HP E3400-48G cl Switch\nJ4905A HP ProCurve Switch 3400cl-24G\n\nN\n Fixes in progress\nuse mitigations\n J9021A HP 2810-24G Switch\nJ9022A HP 2810-48G Switch\n\nPA\n Fixes in progress\nuse mitigations\n J9029A ProCurve Switch 1800-8G\n\nPB\n Fixes in progress\nuse mitigations\n J9028A ProCurve Switch 1800-24G\nJ9028B ProCurve Switch 1800-24G\n\nQ\n Fixes in progress\nuse mitigations\n J9019B HP 2510-24 Switch\nJ9019A ProCurve Switch 2510-24\n\nR\n Fixes in progress\nuse mitigations\n J9085A HP 2610-24 Switch\nJ9087A HP 2610-24-PoE Switch\nJ9086A HP 2610-24-PPoE Switch\nJ9088A HP 2610-48 Switch\nJ9089A HP 2610-48-PoE Switch\n\nRA\n Fixes in progress\nuse mitigations\n J9623A HP 2620-24 Switch\nJ9624A HP 2620-24-PPoE+ Switch\nJ9625A HP 2620-24-PoE+ Switch\nJ9626A HP 2620-48 Switch\nJ9627A HP 2620-48-PoE+ Switch\n\nS\n Fixes in progress\nuse mitigations\n J9138A HP 2520-24-PoE Switch\nJ9137A HP 2520-8-PoE Switch\n\nT\n Fixes in progress\nuse mitigations\n J9049A ProCurve Switch 2900- 24G\nJ9050A ProCurve Switch 2900 48G\n\nU\n Fixes in progress\nuse mitigations\n J9020A HP 2510-48 Switch\n\nVA\n Fixes in progress\nuse mitigations\n J9079A HP 1700-8 Switch\n\nVB\n Fixes in progress\nuse mitigations\n J9080A HP 1700-24 Switch\n\nW\n Fixes in progress\nuse mitigations\n J9145A HP 2910-24G al Switch\nJ9146A HP 2910-24G-PoE+ al Switch\nJ9147A HP 2910-48G al Switch\nJ9148A HP 2910-48G-PoE+ al Switch\n\nWB\n Fixes in progress\nuse mitigations\n J9726A HP 2920-24G Switch\nJ9727A HP 2920-24G-POE+ Switch\nJ9728A HP 2920-48G Switch\nJ9729A HP 2920-48G-POE+ Switch\nJ9836A HP 2920-48G-POE+ 740W Switch\n\nY\n Fixes in progress\nuse mitigations\n J9279A HP 2510-24G Switch\nJ9280A HP 2510-48G Switch\n\nYA\n Fixes in progress\nuse mitigations\n J9772A HP 2530-48G-PoE+ Switch\nJ9773A HP 2530-24G-PoE+ Switch\nJ9774A HP 2530-8G-PoE+ Switch\nJ9775A HP 2530-48G Switch\nJ9776A HP 2530-24G Switch\nJ9777A HP 2530-8G Switch\nJ9778A HP 2530-48-PoE+ Switch\nJ9781A HP 2530-48 Switch\nJ9853A HP 2530-48G-PoE+-2SFP+ Switch\nJ9854A HP 2530-24G-PoE+-2SFP+ Switch\nJ9855A HP 2530-48G-2SFP+ Switch\nJ9856A HP 2530-24G-2SFP+ Switch\n\nYB\n Fixes in progress\nuse mitigations\n J9779A HP 2530-24-PoE+ Switch\nJ9780A HP 2530-8-PoE+ Switch\nJ9782A HP 2530-24 Switch\nJ9783A HP 2530-8 Switch\n\nMSM 6.5\n 6.5.1.0\n J9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9840A HP MSM775 zl Premium Controller Module\nJ9845A HP 560 Wireless 802.11ac (AM) AP\nJ9846A HP 560 Wireless 802.11ac (WW) AP\nJ9847A HP 560 Wireless 802.11ac (JP) AP\nJ9848A HP 560 Wireless 802.11ac (IL) AP\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\n\nMSM 6.4\n 6.4.2.1\n J9840A HP MSM775 zl Premium Controller Module\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\n\nMSM 6.3\n 6.3.1.0\n J9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\n\nMSM 6.2\n 6.2.1.2\n J9370A HP MSM765 Zl Premium Mobility Controller\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9840A HP MSM775 zl Premium Controller Module\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\n\nM220\n Fixes in progress\nuse mitigations\n J9798A HP M220 802.11n (AM) Access Point\nJ9799A HP M220 802.11n (WW) Access Point\n\nM210\n Fixes in progress\nuse mitigations\n JL023A HP M210 802.11n (AM) Access Point\nJL024A HP M210 802.11n (WW) Access Point\n\nPS110\n Fixes in progress\nuse mitigations\n JL065A HP PS110 Wireless 802.11n VPN AM Router\nJL066A HP PS110 Wireless 802.11n VPN WW Router\n\nHP Office Connect 1810 PK\n Fixes in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nHP Office Connect 1810 P\n Fixes in progress\nuse mitigations\n J9450A HP 1810-24G Switch\nJ9449A HP 1810-8G Switch\n\nHP Office Connect 1810 PL\n Fixes in progress\nuse mitigations\n J9802A HP 1810-8G v2 Switch\nJ9803A HP 1810-24G v2 Switch\n\nRF Manager\n Fixes in progress\nuse mitigations\n J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with\n50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU\n\nHP Office Connect 1810 PM\n Fixes in progress\nuse mitigations\n J9800A HP 1810-8 v2 Switch\nJ9801A HP 1810-24 v2 Switch\n\nHP Office Connect PS1810\n Fixes in progress\nuse mitigations\n J9833A HP PS1810-8G Switch\nJ9834A HP PS1810-24G Switch\n\nMitigation Instructions\n\nFor SSLv3 Server Functionality on Impacted Products:\n\nDisable SSLv3 on clients\nand/or disable CBC ciphers on clients\nUse Access Control functionality to control client access\n\nFor SSLv3 Client Functionality on Impacted Products:\n\nGo to SSL server and disable SSLv3\nand/or disable CBC ciphers\nUse Access Control functionality to control access to servers\n\nHISTORY\nVersion:1 (rev.1) - 2 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. The HP Matrix\nOperating Environment v7.2.3 Update kit applicable to HP Matrix Operating\nEnvironment 7.2.x installations is available at the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPID\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \nHP BladeSystem c-Class Onboard Administrator (OA) 4.30 and earlier. \n\nGo to\nhttp://www.hp.com/go/oa\n\nSelect \"Onboard Administrator Firmware\"\nSelect product name as \"\"HP BLc3000 Onboard Administrator Option\" or \"HP\nBLc7000 Onboard Administrator Option\"\nSelect the operating system from the list of choices\nSelect Firmware version 4.40 for download\nRefer to the HP BladeSystem Onboard Administrator User Guide for steps to\nupdate the Onboard Administrator firmware. ============================================================================\nUbuntu Security Notice USN-2385-1\nOctober 16, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.7\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.20\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.22\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes", sources: [ { db: "NVD", id: "CVE-2014-3567", }, { db: "BID", id: "70586", }, { db: "PACKETSTORM", id: "169664", }, { db: "PACKETSTORM", id: "128793", }, { db: "PACKETSTORM", id: "128728", }, { db: "PACKETSTORM", id: "132080", }, { db: "PACKETSTORM", id: "133617", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "128921", }, { db: "VULMON", id: "CVE-2014-3567", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "132085", }, { db: "PACKETSTORM", id: "131014", }, { db: "PACKETSTORM", id: "131273", }, { db: "PACKETSTORM", id: "128838", }, { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "131306", }, { db: "PACKETSTORM", id: "128708", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-3567", trust: 3.5, }, { db: "BID", id: "70586", trust: 1.4, }, { db: "SECUNIA", id: "62124", trust: 1.1, }, { db: "SECUNIA", id: "62030", trust: 1.1, }, { db: "SECUNIA", id: "61058", trust: 1.1, }, { db: "SECUNIA", id: "59627", trust: 1.1, }, { db: "SECUNIA", id: "61819", trust: 1.1, }, { db: "SECUNIA", id: "61130", trust: 1.1, }, { db: "SECUNIA", id: "61207", trust: 1.1, }, { db: "SECUNIA", id: "61837", trust: 1.1, }, { db: "SECUNIA", id: "61990", trust: 1.1, }, { db: "SECUNIA", id: "61298", trust: 1.1, }, { db: "SECUNIA", id: "62070", trust: 1.1, }, { db: "SECUNIA", id: "61073", trust: 1.1, }, { db: "SECUNIA", id: "61959", trust: 1.1, }, { db: "SECTRACK", id: "1031052", trust: 1.1, }, { db: "MCAFEE", id: "SB10091", trust: 1.1, }, { db: "AUSCERT", id: "ESB-2022.0696", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.2148", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201410-636", trust: 0.6, }, { db: "VULMON", id: "CVE-2014-3567", trust: 0.1, }, { db: "PACKETSTORM", id: "131306", trust: 0.1, }, { db: "PACKETSTORM", id: "130815", trust: 0.1, }, { db: "PACKETSTORM", id: "128838", trust: 0.1, }, { db: "PACKETSTORM", id: "131273", trust: 0.1, }, { db: "PACKETSTORM", id: "131014", trust: 0.1, }, { db: "PACKETSTORM", id: "132085", trust: 0.1, }, { db: "PACKETSTORM", id: "131044", trust: 0.1, }, { db: "PACKETSTORM", id: "128708", trust: 0.1, }, { db: "PACKETSTORM", id: "128921", trust: 0.1, }, { db: "PACKETSTORM", id: "132081", trust: 0.1, }, { db: "PACKETSTORM", id: "133617", trust: 0.1, }, { db: "PACKETSTORM", id: "132080", trust: 0.1, }, { db: "PACKETSTORM", id: "128728", trust: 0.1, }, { db: "PACKETSTORM", id: "128793", trust: 0.1, }, { db: "PACKETSTORM", id: "169664", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2014-3567", }, { db: "BID", id: "70586", }, { db: "PACKETSTORM", id: "131306", }, { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "128838", }, { db: "PACKETSTORM", id: "131273", }, { db: "PACKETSTORM", id: "131014", }, { db: "PACKETSTORM", id: "132085", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "128708", }, { db: "PACKETSTORM", id: "128921", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "133617", }, { db: "PACKETSTORM", id: "132080", }, { db: "PACKETSTORM", id: "128728", }, { db: "PACKETSTORM", id: "128793", }, { db: "PACKETSTORM", id: "169664", }, { db: "CNNVD", id: "CNNVD-201410-636", }, { db: "NVD", id: "CVE-2014-3567", }, ], }, id: "VAR-201410-1144", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.3025641, }, last_update_date: "2024-07-23T21:24:46.357000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "openssl-1.0.0o", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52068", }, { title: "openssl-0.9.8zc", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52067", }, { title: "openssl-1.0.1j", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52069", }, { title: "The Register", trust: 0.2, url: "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/", }, { title: "Red Hat: Critical: rhev-hypervisor6 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20150126 - security advisory", }, { title: "Red Hat: CVE-2014-3567", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2014-3567", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2385-1", }, { title: "Debian Security Advisories: DSA-3053-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=89bdef3607a7448566a930eca0e94cb3", }, { title: "Amazon Linux AMI: ALAS-2014-427", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2014-427", }, { title: "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=374cff59719675d8235f907c21b99bfc", }, { title: "Tenable Security Advisories: [R7] OpenSSL '20141015' Advisory Affects Tenable Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2014-11", }, { title: "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b7f5b1e7edcafce07f28205855d4db49", }, { title: "Oracle: Oracle Critical Patch Update Advisory - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4a692d6d60aa31507cb101702b494c51", }, { title: "Splunk Security Announcements: Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=555e6256ba536e4a20d40e659e367839", }, { title: "Splunk Security Announcements: Splunk Enterprise 6.1.5 addresses two vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=dfed8c47fbdf5e7bb5fbbdd725bdfb67", }, { title: "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=eb059834b7f24e2562bcf592b6d0afbc", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "rhsecapi", trust: 0.1, url: "https://github.com/redhatofficial/rhsecapi ", }, { title: "cve-pylib", trust: 0.1, url: "https://github.com/redhatproductsecurity/cve-pylib ", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3567", }, { db: "CNNVD", id: "CNNVD-201410-636", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1, }, { problemtype: "CWE-399", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2014-3567", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://www.openssl.org/news/secadv_20141015.txt", }, { trust: 1.5, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3567", }, { trust: 1.4, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", }, { trust: 1.4, url: "http://www.splunk.com/view/sp-caaanst", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", }, { trust: 1.4, url: "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", }, { trust: 1.4, url: "https://support.citrix.com/article/ctx216642", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3513", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/70586", }, { trust: 1.2, url: "http://rhn.redhat.com/errata/rhsa-2014-1692.html", }, { trust: 1.2, url: "http://www.ubuntu.com/usn/usn-2385-1", }, { trust: 1.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3566", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2014:203", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2014-1652.html", }, { trust: 1.1, url: "http://www.debian.org/security/2014/dsa-3053", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=141477196830952&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html", }, { trust: 1.1, url: "http://secunia.com/advisories/61130", }, { trust: 1.1, url: "http://secunia.com/advisories/61073", }, { trust: 1.1, url: "http://secunia.com/advisories/62070", }, { trust: 1.1, url: "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1031052", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html", }, { trust: 1.1, url: "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc", }, { trust: 1.1, url: "http://secunia.com/advisories/61207", }, { trust: 1.1, url: "http://secunia.com/advisories/62030", }, { trust: 1.1, url: "http://secunia.com/advisories/61819", }, { trust: 1.1, url: "http://secunia.com/advisories/61058", }, { trust: 1.1, url: "http://secunia.com/advisories/61990", }, { trust: 1.1, url: "http://secunia.com/advisories/61837", }, { trust: 1.1, url: "http://secunia.com/advisories/62124", }, { trust: 1.1, url: "http://support.apple.com/ht204244", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html", }, { trust: 1.1, url: "http://security.gentoo.org/glsa/glsa-201412-39.xml", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142103967620673&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142495837901899&w=2", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2015-0126.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142624590206005&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142791032306609&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142834685803386&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142804214608580&w=2", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10091", }, { trust: 1.1, url: "http://secunia.com/advisories/61959", }, { trust: 1.1, url: "http://secunia.com/advisories/61298", }, { trust: 1.1, url: "http://secunia.com/advisories/59627", }, { trust: 1.1, url: "http://advisories.mageia.org/mgasa-2014-0416.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143290437727362&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143290583027876&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143290522027658&w=2", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html", }, { trust: 1.1, url: "https://support.apple.com/ht205217", }, { trust: 1.1, url: "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=7fd4ce6a997be5f5c9e744ac527725c2850de203", }, { trust: 1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3568", }, { trust: 0.8, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.8, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.8, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.0696", }, { trust: 0.6, url: "http://www.ibm.com/support/docview.wss?uid=ibm10887855", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.2148/", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3508", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3509", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2014-5139", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3511", }, { trust: 0.4, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_", }, { trust: 0.4, url: "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21687676", }, { trust: 0.3, url: "http://www.openssl.org", }, { trust: 0.3, url: "https://bto.bluecoat.com/security-advisory/sa87", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21690537", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959161", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21691210", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/may/158", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/may/156", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/may/157", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/may/159", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/feb/151", }, { trust: 0.3, url: "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692", }, { trust: 0.3, url: "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/apr/35", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 ", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 ", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21686792", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196", }, { trust: 0.3, url: "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21884030", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959134", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21691005", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21688284", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697995", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697165", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687801", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21689482", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689101", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700275", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701452", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098251", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21693662", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689347", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097159", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097913", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21697162", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097911", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689743", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21691140", }, { trust: 0.3, url: "http://www.vmware.com/security/advisories/vmsa-2015-0001.html ", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101009000", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699200", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700489", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687863", }, { trust: 0.3, url: "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2014-3567", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567", }, { trust: 0.2, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.2, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566", }, { trust: 0.2, url: "http://www.debian.org/security/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/399.html", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2015:0126", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/2385-1/", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=37192", }, { trust: 0.1, url: "http://www.hp.com/go/oa", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0160", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0076", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0198", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150319.txt", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5298", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150108.txt", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0293", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0224", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0221", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3470", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0195", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.20", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.7", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.22", }, { trust: 0.1, url: "https://www.hp.com/go/swa", }, { trust: 0.1, url: "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5910", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3185", }, { trust: 0.1, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.1, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.1, url: "https://developer.apple.com/xcode/downloads/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-6394", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0251", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5909", }, { trust: 0.1, url: "http://gpgtools.org", }, { trust: 0.1, url: "http://www.debian.org/security/faq", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3513", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.1, url: "https://access.redhat.com/articles/1232123", }, { trust: 0.1, url: "https://www.openssl.org/~bodo/ssl-poodle.pdf", }, { trust: 0.1, url: "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00", }, { trust: 0.1, url: "https://www.openssl.org/about/secpolicy.html", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3567", }, { db: "BID", id: "70586", }, { db: "PACKETSTORM", id: "131306", }, { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "128838", }, { db: "PACKETSTORM", id: "131273", }, { db: "PACKETSTORM", id: "131014", }, { db: "PACKETSTORM", id: "132085", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "128708", }, { db: "PACKETSTORM", id: "128921", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "133617", }, { db: "PACKETSTORM", id: "132080", }, { db: "PACKETSTORM", id: "128728", }, { db: "PACKETSTORM", id: "128793", }, { db: "PACKETSTORM", id: "169664", }, { db: "CNNVD", id: "CNNVD-201410-636", }, { db: "NVD", id: "CVE-2014-3567", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2014-3567", }, { db: "BID", id: "70586", }, { db: "PACKETSTORM", id: "131306", }, { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "128838", }, { db: "PACKETSTORM", id: "131273", }, { db: "PACKETSTORM", id: "131014", }, { db: "PACKETSTORM", id: "132085", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "128708", }, { db: "PACKETSTORM", id: "128921", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "133617", }, { db: "PACKETSTORM", id: "132080", }, { db: "PACKETSTORM", id: "128728", }, { db: "PACKETSTORM", id: "128793", }, { db: "PACKETSTORM", id: "169664", }, { db: "CNNVD", id: "CNNVD-201410-636", }, { db: "NVD", id: "CVE-2014-3567", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2014-10-19T00:00:00", db: "VULMON", id: "CVE-2014-3567", }, { date: "2014-10-15T00:00:00", db: "BID", id: "70586", }, { date: "2015-04-06T19:11:05", db: "PACKETSTORM", id: "131306", }, { date: "2015-03-13T17:11:00", db: "PACKETSTORM", id: "130815", }, { date: "2014-10-24T20:07:16", db: "PACKETSTORM", id: "128838", }, { date: "2015-04-03T15:45:16", db: "PACKETSTORM", id: "131273", }, { date: "2015-03-25T00:42:25", db: "PACKETSTORM", id: "131014", }, { date: "2015-05-29T23:37:43", db: "PACKETSTORM", id: "132085", }, { date: "2015-03-27T20:42:44", db: "PACKETSTORM", id: "131044", }, { date: "2014-10-17T00:03:35", db: "PACKETSTORM", id: "128708", }, { date: "2014-10-31T23:08:29", db: "PACKETSTORM", id: "128921", }, { date: "2015-05-29T23:37:11", db: "PACKETSTORM", id: "132081", }, { date: "2015-09-19T15:31:48", db: "PACKETSTORM", id: "133617", }, { date: "2015-05-29T23:37:04", db: "PACKETSTORM", id: "132080", }, { date: "2014-10-17T14:50:20", db: "PACKETSTORM", id: "128728", }, { date: "2014-10-22T18:52:41", db: "PACKETSTORM", id: "128793", }, { date: "2014-10-15T12:12:12", db: "PACKETSTORM", id: "169664", }, { date: "2014-10-22T00:00:00", db: "CNNVD", id: "CNNVD-201410-636", }, { date: "2014-10-19T01:55:13.933000", db: "NVD", id: "CVE-2014-3567", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2014-3567", }, { date: "2016-09-09T15:00:00", db: "BID", id: "70586", }, { date: "2022-02-18T00:00:00", db: "CNNVD", id: "CNNVD-201410-636", }, { date: "2023-11-07T02:20:13.200000", db: "NVD", id: "CVE-2014-3567", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "128708", }, { db: "CNNVD", id: "CNNVD-201410-636", }, ], trust: 0.7, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL Memory leak denial of service vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-201410-636", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "resource management error", sources: [ { db: "CNNVD", id: "CNNVD-201410-636", }, ], trust: 0.6, }, }
var-201102-0280
Vulnerability from variot
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: " For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."A remote attacker may cause a denial-of-service (DoS). plural Oracle Product Java Runtime Environment Components include Java language and APIs There are vulnerabilities that affect availability due to flaws in the handling of.Service disruption by a third party (DoS) An attack may be carried out. Oracle Java is prone to a remote denial-of-service vulnerability. Successful attacks will cause applications written in Java to hang, creating a denial-of-service condition. This issue affects both the Java compiler and Runtime Environment. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Impact
A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools.
NNMi Version / Operating System Required Patch Hotfix
9.1x HP-UX Patch 4 Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip
9.1x Linux Patch 4 Hotfix-NNMi-9.1xP4-Linux-JDK-20120523.zip
9.1x Solaris Patch 4 Hotfix-NNMi-9.1xP4-Solaris-JDK-20120523.zip
9.1x Windows Patch 4 Hotfix-NNMi-9.1xP4-Windows-JDK-20120523.zip
Note: The hotfix must be installed after the required patch. The hotfix must be reinstalled if the required patch is reinstalled.
MANUAL ACTIONS: Yes - Update
Install the applicable patch and hotfix. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Network Satellite Server 5.4 (RHEL v.5) - i386, s390x, x86_64
- In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476)
Users of Red Hat Network Satellite 5.4.1 are advised to upgrade to these updated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java release. For this update to take effect, Red Hat Network Satellite must be restarted. Refer to the Solution section for details.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
Run the following command to restart the Red Hat Network Satellite server:
rhn-satellite restart
- Bugs fixed (http://bugzilla.redhat.com/):
533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation 582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005) 639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775) 639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710) 639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813) 639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564) 639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023) 639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489) 639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692) 642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002) 642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017) 642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603) 642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004) 642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426) 642558 - CVE-2010-3555 JDK unspecified vulnerability in Deployment component 642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component 642573 - CVE-2010-3560 JDK unspecified vulnerability in Networking component 642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component 642585 - CVE-2010-3571 JDK unspecified vulnerability in 2D component 642589 - CVE-2010-3563 JDK unspecified vulnerability in Deployment component 642593 - CVE-2010-3558 JDK unspecified vulnerability in Java Web Start component 642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service 675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662) 676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453) 676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922) 677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component 677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component 677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component 677960 - CVE-2010-4467 JDK unspecified vulnerability in Deployment component 677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component 677963 - CVE-2010-4463 JDK unspecified vulnerability in Deployment component 677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component 677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component 677968 - CVE-2010-4452 JDK unspecified vulnerability in Deployment component 677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component 677971 - CVE-2010-4422 JDK unspecified vulnerability in Deployment component
- Package List:
Red Hat Network Satellite Server 5.4 (RHEL v.5):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.src.rpm
i386: java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm
s390x: java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.s390x.rpm java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.s390x.rpm
x86_64: java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm java-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2009-3555.html https://www.redhat.com/security/data/cve/CVE-2010-1321.html https://www.redhat.com/security/data/cve/CVE-2010-3541.html https://www.redhat.com/security/data/cve/CVE-2010-3548.html https://www.redhat.com/security/data/cve/CVE-2010-3549.html https://www.redhat.com/security/data/cve/CVE-2010-3550.html https://www.redhat.com/security/data/cve/CVE-2010-3551.html https://www.redhat.com/security/data/cve/CVE-2010-3553.html https://www.redhat.com/security/data/cve/CVE-2010-3555.html https://www.redhat.com/security/data/cve/CVE-2010-3556.html https://www.redhat.com/security/data/cve/CVE-2010-3557.html https://www.redhat.com/security/data/cve/CVE-2010-3558.html https://www.redhat.com/security/data/cve/CVE-2010-3560.html https://www.redhat.com/security/data/cve/CVE-2010-3562.html https://www.redhat.com/security/data/cve/CVE-2010-3563.html https://www.redhat.com/security/data/cve/CVE-2010-3565.html https://www.redhat.com/security/data/cve/CVE-2010-3566.html https://www.redhat.com/security/data/cve/CVE-2010-3568.html https://www.redhat.com/security/data/cve/CVE-2010-3569.html https://www.redhat.com/security/data/cve/CVE-2010-3571.html https://www.redhat.com/security/data/cve/CVE-2010-3572.html https://www.redhat.com/security/data/cve/CVE-2010-3573.html https://www.redhat.com/security/data/cve/CVE-2010-3574.html https://www.redhat.com/security/data/cve/CVE-2010-4422.html https://www.redhat.com/security/data/cve/CVE-2010-4447.html https://www.redhat.com/security/data/cve/CVE-2010-4448.html https://www.redhat.com/security/data/cve/CVE-2010-4452.html https://www.redhat.com/security/data/cve/CVE-2010-4454.html https://www.redhat.com/security/data/cve/CVE-2010-4462.html https://www.redhat.com/security/data/cve/CVE-2010-4463.html https://www.redhat.com/security/data/cve/CVE-2010-4465.html https://www.redhat.com/security/data/cve/CVE-2010-4466.html https://www.redhat.com/security/data/cve/CVE-2010-4467.html https://www.redhat.com/security/data/cve/CVE-2010-4468.html https://www.redhat.com/security/data/cve/CVE-2010-4471.html https://www.redhat.com/security/data/cve/CVE-2010-4473.html https://www.redhat.com/security/data/cve/CVE-2010-4475.html https://www.redhat.com/security/data/cve/CVE-2010-4476.html https://access.redhat.com/security/updates/classification/#low http://www.ibm.com/developerworks/java/jdk/alerts/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
For more information see vulnerability #1 in: SA43262
Please see the vendor's advisory for the list of affected products.
SOLUTION: Update to a fixed version. Please see the vendor's advisory for more details. ----------------------------------------------------------------------
Get a tax break on purchases of Secunia Solutions!
If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/
TITLE: Sun Java JDK / JRE / SDK "doubleValue()" Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA43262
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43262/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43262
RELEASE DATE: 2011-02-09
DISCUSS ADVISORY: http://secunia.com/advisories/43262/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43262/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43262
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Konstantin Preiber has reported a vulnerability in Sun Java, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the "doubleValue()" method in FloatingDecimal.java when converting "2.2250738585072012e-308" from a string type to a double precision binary floating point and can be exploited to cause an infinite loop. * Sun JDK 5.0 Update 27 and prior. * Sun SDK 1.4.2_29 and prior.
SOLUTION: Apply patch via the FPUpdater tool.
PROVIDED AND/OR DISCOVERED BY: Konstantin Preiber
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Konstantin Preiber: http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02746026 Version: 1
HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-12 Last Updated: 2011-04-12
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS).
References: CVE-2010-4476
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Any version of Java running on HP Network Node Manager i (NNMi) v8.1x and v9.0x for HP-UX, Linux, Solaris, and Windows
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made two methods available to resolve the vulnerability. Customers can request hotfixes or use the FPupdater tool.
Hotfixes
Customers can request the following hotfixes by contacting the normal HP Services support channel.
NNMi Version JDK Hotfix Number
NNMi 9.0x JDK b QCCR1B87492
NNMi 9.0x JDK nnm QCCR1B87433
NNMi 8.1x JDK b QCCR1B87492
NNMi 8.1x JDK nnm (nms on Windows) QCCR1B87491
FPUpdater (Floating Point Updater)
The FPupdater tool can be used instead of applying hotfixes.
To download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool
Note: NNMi has two JDKs to be updated. Before running the FPUpdater tool set the shell environment variable JRE_HOME as follows:
NNMi Version JDK JRE_HOME for HP-UX, Linux, Solaris JRE_HOME for Windows
NNMi 9.x JDK b /opt/OV/nonOV/jdk/b/jre {install_dir}\nonOV\jdk\b\jre
NNMi 9.x JDK nnm /opt/OV/nonOV/jdk/nnm/jre {install_dir}\nonOV\jdk\nnm\jre
NNMi 8.1x JDK b /opt/OV/nonOV/jdk/b/jre {install_dir}\nonOV\jdk\b\jre
NNMi 8.1x JDK nnm (nms on Windows) /opt/OV/nonOV/jdk/nnm/jre {install_dir}\nonOV\jdk\nms\jre
MANUAL ACTIONS: Yes - Update
Install the appropriate hotfix or update using FPUpdater
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX NNM 8.x and v9.x
HP-UX B.11.31 HP-UX B.11.23 (IA) ============= HPOvNNM.HPNMSJBOSS action: install the appropriate hotfix or update using FPUpdater
END AFFECTED VERSIONS (for HP-UX)
HISTORY Version:1 (rev.1) - 12 April 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk2kX5sACgkQ4B86/C0qfVnGRwCgot7NFjfw2O2zBn2uPX3Q/SVW AewAoNWFcOq802uOl0MpL1CHVvxYZMNf =g6I8 -----END PGP SIGNATURE----- . The updates are available from: http://www.hp.com/go/java
These issues are addressed in the following versions of the HP Java:
HP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0280", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "cosminexus application server enterprise 06-50-/a", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-00-/a", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-50-/b", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise 06-70-/b", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-50-/a", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise 06-70-/c", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-70-/b", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-70-/c", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-50-/b", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-00-/a", scope: null, trust: 2.1, vendor: "hitachi", version: null, }, { model: "jre", scope: "eq", trust: 1.9, vendor: "sun", version: "1.4.2", }, { model: "sdk", scope: "eq", trust: 1.9, vendor: "sun", version: "1.4.2", }, { model: "ucosminexus service platform", scope: "eq", trust: 1.8, vendor: "hitachi", version: "08-00-01", }, { model: "ucosminexus service architect", scope: "eq", trust: 1.8, vendor: "hitachi", version: "08-00-01", }, { model: "cosminexus application server standard 06-50-/c", scope: null, trust: 1.8, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard", scope: "eq", trust: 1.8, vendor: "hitachi", version: "08-00-01", }, { model: "ucosminexus application server standard 06-70-/a", scope: null, trust: 1.8, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise 06-70-/f", scope: null, trust: 1.8, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-00-/b", scope: null, trust: 1.8, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 1.8, vendor: "hitachi", version: "07-10", }, { model: "cosminexus application server standard 06-00-/b", scope: null, trust: 1.8, vendor: "hitachi", version: null, }, { model: "ucosminexus client", scope: "eq", trust: 1.8, vendor: "hitachi", version: "08-00-01", }, { model: "cosminexus application server enterprise 06-50-/c", scope: null, trust: 1.8, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise 06-70-/a", scope: null, trust: 1.8, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-70-/f", scope: null, trust: 1.8, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 1.8, vendor: "hitachi", version: "08-00-01", }, { model: "hp systems insight manager", scope: "eq", trust: 1.6, vendor: "hewlett packard l p", version: "prior to v7.0", }, { model: "cosminexus application server standard", scope: "eq", trust: 1.5, vendor: "hitachi", version: "06-50", }, { model: "ucosminexus application server standard", scope: "eq", trust: 1.5, vendor: "hitachi", version: "07-10", }, { model: "ucosminexus application server standard 06-70-/d", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-70-/g", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 1.5, vendor: "hitachi", version: "06-70", }, { model: "cosminexus application server enterprise 06-00-/c", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "jre 011", scope: "eq", trust: 1.5, vendor: "sun", version: "1.2.2", }, { model: "cosminexus application server standard 06-00-/e", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise", scope: "eq", trust: 1.5, vendor: "hitachi", version: "06-00", }, { model: "ucosminexus application server standard 06-70-/e", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-00-/d", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-50-/e", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-00-/e", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-50-/e", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard", scope: "eq", trust: 1.5, vendor: "hitachi", version: "06-00", }, { model: "ucosminexus application server enterprise 06-70-/e", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-00-/c", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "jre 010", scope: "eq", trust: 1.5, vendor: "sun", version: "1.2.2", }, { model: "ucosminexus application server standard", scope: "eq", trust: 1.5, vendor: "hitachi", version: "06-70", }, { model: "cosminexus application server enterprise", scope: "eq", trust: 1.5, vendor: "hitachi", version: "06-50", }, { model: "ucosminexus application server enterprise 06-70-/d", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-00-/d", scope: null, trust: 1.5, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00", }, { model: "cosminexus application server 05-05-/i", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "cosminexus application server", scope: "eq", trust: 1.2, vendor: "hitachi", version: "05-05", }, { model: "ucosminexus client", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00-06", }, { model: "cosminexus application server 05-05-/d", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "jre 013", scope: "eq", trust: 1.2, vendor: "sun", version: "1.2.2", }, { model: "cosminexus application server 05-05-/h", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "ucosminexus developer standard", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00-06", }, { model: "ucosminexus application server standard", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-60", }, { model: "jp1/cm2/network node manager starter edition", scope: "eq", trust: 1.2, vendor: "hitachi", version: "25008-10-01", }, { model: "ucosminexus service platform", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00-06", }, { model: "ucosminexus application server enterprise 06-70-/g", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00-06", }, { model: "cosminexus application server 05-05-/f", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-50-/d", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard", scope: "eq", trust: 1.2, vendor: "hitachi", version: "08-00", }, { model: "cosminexus application server 05-05-/a", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-05-/e", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00-06", }, { model: "ucosminexus developer professional", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00-06", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-60", }, { model: "cosminexus application server 05-05-/g", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "ucosminexus operator", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00-06", }, { model: "jre 014", scope: "eq", trust: 1.2, vendor: "sun", version: "1.2.2", }, { model: "ucosminexus service architect", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00-06", }, { model: "jre", scope: "eq", trust: 1.2, vendor: "sun", version: "1.2.2", }, { model: "cosminexus application server 05-05-/b", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-05-/c", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-50-/d", scope: null, trust: 1.2, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 1.2, vendor: "hitachi", version: "08-00", }, { model: "ucosminexus application server standard", scope: "eq", trust: 1.2, vendor: "hitachi", version: "07-00", }, { model: "esx", scope: "eq", trust: 1.1, vendor: "vmware", version: "4.0", }, { model: "esx", scope: "eq", trust: 1.1, vendor: "vmware", version: "4.1", }, { model: "esx", scope: "eq", trust: 1.1, vendor: "vmware", version: "3.5", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_15", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_18", }, { model: "jdk", scope: "eq", trust: 1, vendor: "sun", version: "1.6.0", }, { model: "jdk", scope: "lte", trust: 1, vendor: "sun", version: "1.5.0", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_6", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_15", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_16", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_28", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_19", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_22", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_21", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_6", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_3", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_25", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_28", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_16", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_22", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_20", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_21", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_25", }, { model: "jre", scope: "lte", trust: 1, vendor: "sun", version: "1.6.0", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_19", }, { model: "jre", scope: "lte", trust: 1, vendor: "sun", version: "1.4.2_29", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_7", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_3", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_2", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_24", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_14", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_5", }, { model: "sdk", scope: "lte", trust: 1, vendor: "sun", version: "1.4.2_29", }, { model: "jdk", scope: "eq", trust: 1, vendor: "sun", version: "1.5.0", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_20", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_24", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_9", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_23", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_7", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_14", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_11", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_23", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_26", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_5", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_9", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_4", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_11", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_26", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_13", }, { model: "jre", scope: "lte", trust: 1, vendor: "sun", version: "1.5.0", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_1", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_4", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_17", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_02", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_1", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_17", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_8", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_10", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_13", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.6.0", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_27", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_10", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_12", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_8", }, { model: "jdk", scope: "lte", trust: 1, vendor: "sun", version: "1.6.0", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_27", }, { model: "sdk", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_12", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.5.0", }, { model: "jre", scope: "eq", trust: 1, vendor: "sun", version: "1.4.2_18", }, { model: "jre 17", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "sdk 08", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 1.3.1 22", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jp1/cm2/network node manager starter ed enterprise", scope: "eq", trust: 0.9, vendor: "hitachi", version: "08-00-02", }, { model: "jdk 14", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "cosminexus application server enterprise )", scope: "eq", trust: 0.9, vendor: "hitachi", version: "06-00", }, { model: "jdk 1.5.0 16", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "sdk 10", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jdk 14", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.1.8", }, { model: "sdk 1.4.2 25", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.4.2 25", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "ucosminexus application server enterprise 06-71-/b", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jre 015", scope: "eq", trust: 0.9, vendor: "sun", version: "1.2.2", }, { model: "jre 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "cosminexus application server standard 06-02-/a", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jre 10", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jre 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 1.6.0 03", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk 1.4.2 11", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 10", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "cosminexus application server standard 06-51-/a", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jre 14", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "sdk 03", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "jre 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.2.1", }, { model: "jdk", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 09", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 27", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-00-03", }, { model: "jre 1.5.0 11", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "cosminexus application server enterprise 06-02-/d", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jdk 007", scope: "eq", trust: 0.9, vendor: "sun", version: "1.1.6", }, { model: "jre 1.4.2 12", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 09", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jdk 14", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jdk", scope: "eq", trust: 0.9, vendor: "sun", version: "1.2", }, { model: "sdk 24", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 01a", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jre 07", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 1.4.2 22", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.6.0 23", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "sdk 1.4.2 27", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk 15", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "sdk 07", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-60", }, { model: "jre .0 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4", }, { model: "processing kit for xml", scope: "eq", trust: 0.9, vendor: "hitachi", version: "01-05", }, { model: "jdk 1.5.0 25", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "cosminexus application server enterprise 06-02-/c", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4", }, { model: "jre 07", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jre 07", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 11", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jre 03", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "jre 1.6.0 11", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "jre 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jdk", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre .0 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-50-01", }, { model: "jre 1.5.0 17", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.4.2 17", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "jre 24", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 1.5.0 27", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.3.1 23", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk b 005", scope: "eq", trust: 0.9, vendor: "sun", version: "1.1.7", }, { model: "jre 1.6.0 03", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "processing kit for xml 02-05-/a", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jdk 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "cosminexus application server standard )", scope: "eq", trust: 0.9, vendor: "hitachi", version: "06-00", }, { model: "cosminexus application server enterprise 06-50-/f", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "sdk 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 08", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jdk 10", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "cosminexus application server enterprise 06-51-/a", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise 06-71-/c", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jre 1.4.2 13", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 1.5.0 23", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.1.8", }, { model: "jre 1.3.1 25", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jdk 1.5.0 26", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jp1/cm2/network node manager starter ed enterprise", scope: "eq", trust: 0.9, vendor: "hitachi", version: "08-10-01", }, { model: "sdk 1.4.2 16", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "processing kit for xml 02-05-/b", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "ucosminexus service platform", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-50", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-10", }, { model: "jre 16", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.5.0 20", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.3.1 26", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 18", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jdk 11", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre .0 03", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4", }, { model: "sdk .0 03", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4", }, { model: "jre 1.4.2 11", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk", scope: "eq", trust: 0.9, vendor: "sun", version: "1.1", }, { model: "cosminexus application server standard 06-02-/d", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jdk 0 10", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.5.0 10", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "cosminexus application server enterprise 06-02-/a", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jdk 1.5.0 27", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 03", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "sdk 1.4.2 29", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "sdk 1.4.2 14", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.5.0 14", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.4.2 20", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "ucosminexus application server standard )", scope: "eq", trust: 0.9, vendor: "hitachi", version: "06-70", }, { model: "jdk 1.5.0 24", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 18", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jre 1.5.0 25", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk .0 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-00-03", }, { model: "jre 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "cosminexus application server standard 06-02-/c", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jdk 1.5.0 13", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jp1/cm2/network node manager", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-10", }, { model: "jre 1.4.2 16", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk 1.4.2 17", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.6.0 15", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "cosminexus application server", scope: "eq", trust: 0.9, vendor: "hitachi", version: "05-00", }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "jre 03", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jre 1.6.0 21", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 15", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 10", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 1.6.0 18", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "jre 1.6.0 22", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jp1/cm2/network node manager starter edition", scope: "eq", trust: 0.9, vendor: "hitachi", version: "25008-00-02", }, { model: "jdk 07", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "sdk .0 4", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4", }, { model: "sdk 1.4.2 28", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.6.0 21", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "cosminexus application server standard 06-02-/b", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jdk 1.6.0 15", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "sdk .0 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4", }, { model: "sdk 1.4.2 12", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.4.2 18", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.4.2 14", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "processing kit for xml", scope: "eq", trust: 0.9, vendor: "hitachi", version: "02-00", }, { model: "jre 1.6.0 02", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "cosminexus application server standard 06-50-/f", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.2.1", }, { model: "jre 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 1.4.2 15", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "cosminexus application server enterprise 06-02-/b", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jre 15", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 17", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "sdk 1.4.2 26", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jp1/cm2/network node manager starter ed enterprise", scope: "eq", trust: 0.9, vendor: "hitachi", version: "08-00-01", }, { model: "jre 1.4.2 29", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "jdk 17", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "ucosminexus client", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-00-03", }, { model: "jre .0 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4", }, { model: "jre 13", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "sdk 09", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 13", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jdk 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "cosminexus application server 05-05-/m", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jre 1.5.0 26", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk 1.4.2 18", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "cosminexus server web edition", scope: "eq", trust: 0.9, vendor: "hitachi", version: "-04-01", }, { model: "jdk 008", scope: "eq", trust: 0.9, vendor: "sun", version: "1.1.8", }, { model: "jdk 08", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 1.3.1 20", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 17", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 18", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "sdk 1.4.2 22", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-00-01", }, { model: "jre 08", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.2", }, { model: "jdk 1.6.0 02", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 12", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jre 1.6.0 01", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 12", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "ucosminexus operator", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-00-03", }, { model: "jdk 07", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "sdk 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-50", }, { model: "ucosminexus application server enterprise )", scope: "eq", trust: 0.9, vendor: "hitachi", version: "06-70", }, { model: "jdk 14", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "sdk 03", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 03", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.2", }, { model: "jre 1.3.1 21", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk 1.4.2 19", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.5.0 12", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "sdk", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4", }, { model: "jdk 13", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.5.0 13", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 22", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.4.2 19", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre .0 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3", }, { model: "jre 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "jdk 1.6.0 23", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "sdk 1.4.2 20", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.6.0 20", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.6.0 19", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-50", }, { model: "jdk 1.5.0 20", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk", scope: "eq", trust: 0.9, vendor: "sun", version: "1.4.1", }, { model: "jre 1.5.0 23", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 09", scope: "eq", trust: 0.9, vendor: "sun", version: "1.3.1", }, { model: "cosminexus application server standard 06-51-/b", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-50-01", }, { model: "jdk 1.6.0 22", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "sdk 1.4.2 13", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 09", scope: "eq", trust: 0.9, vendor: "sun", version: "1.1.6", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.9, vendor: "hitachi", version: "07-00-01", }, { model: "jdk 1.6.0 18", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.6.0 19", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "cosminexus application server enterprise 06-51-/b", scope: null, trust: 0.9, vendor: "hitachi", version: null, }, { model: "jre 007", scope: "eq", trust: 0.9, vendor: "sun", version: "1.2.2", }, { model: "jre 1.6.0 14", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 22", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 009", scope: "eq", trust: 0.9, vendor: "sun", version: "1.1.8", }, { model: "forms", scope: "eq", trust: 0.8, vendor: "ibm", version: "4.0, 3.5", }, { model: "lotus expeditor", scope: "eq", trust: 0.8, vendor: "ibm", version: "6.2", }, { model: "lotus quickr", scope: "eq", trust: 0.8, vendor: "ibm", version: "for websphere portal 8.5, 8.1, 8.0", }, { model: "mashup center", scope: "eq", trust: 0.8, vendor: "ibm", version: "3.0, 2.0, 1.1, 1.0", }, { model: "websphere dashboard framework", scope: "eq", trust: 0.8, vendor: "ibm", version: "6.1, 6.0", }, { model: "lotus activeinsight", scope: "eq", trust: 0.8, vendor: "ibm", version: "6.1, 6.0", }, { model: "lotus connections", scope: "eq", trust: 0.8, vendor: "ibm", version: "3.0, 2.5, 2.0, 1.0", }, { model: "lotus mashups", scope: "eq", trust: 0.8, vendor: "ibm", version: "3.0, 2.0, 1.1, 1.0", }, { model: "lotus sametime advanced", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.0", }, { model: "lotus sametime standard", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.5", }, { model: "lotus sametime unified telephony", scope: "eq", trust: 0.8, vendor: "ibm", version: "8.5.1, 8.0", }, { model: "lotus web content management", scope: "eq", trust: 0.8, vendor: "ibm", version: "7.0, 6.1", }, { model: "lotus workforce management", scope: "eq", trust: 0.8, vendor: "ibm", version: "6.1", }, { model: "websphere portlet factory", scope: "eq", trust: 0.8, vendor: "ibm", version: "7.0, 6.1", }, { model: "workplace web content management", scope: "eq", trust: 0.8, vendor: "ibm", version: "6.0", }, { model: "websphere application server", scope: "eq", trust: 0.8, vendor: "ibm", version: "to v6.0 to v6.0.2.43", }, { model: "websphere application server", scope: "eq", trust: 0.8, vendor: "ibm", version: "to v6.1 to v6.1.0.35", }, { model: "websphere application server", scope: "eq", trust: 0.8, vendor: "ibm", version: "to v7.0 to v7.0.0.13", }, { model: "websphere application server", scope: "eq", trust: 0.8, vendor: "ibm", version: "v6.0 to v6.0.2.43", }, { model: "websphere application server", scope: "eq", trust: 0.8, vendor: "ibm", version: "v6.1 to v6.1.0.35", }, { model: "websphere application server", scope: "eq", trust: 0.8, vendor: "ibm", version: "v7.0 to v7.0.0.13", }, { model: "esx", scope: "eq", trust: 0.8, vendor: "vmware", version: "3.0.3", }, { model: "esxi", scope: null, trust: 0.8, vendor: "vmware", version: null, }, { model: "vcenter", scope: "eq", trust: 0.8, vendor: "vmware", version: "4.0 (windows)", }, { model: "vcenter", scope: "eq", trust: 0.8, vendor: "vmware", version: "4.1 (windows)", }, { model: "vcenter", scope: "eq", trust: 0.8, vendor: "vmware", version: "5.0 (windows)", }, { model: "virtualcenter", scope: "eq", trust: 0.8, vendor: "vmware", version: "2.5 (windows)", }, { model: "vsphere update manager", scope: "eq", trust: 0.8, vendor: "vmware", version: "4.0 (windows)", }, { model: "vsphere update manager", scope: "eq", trust: 0.8, vendor: "vmware", version: "4.1 (windows)", }, { model: "vsphere update manager", scope: "eq", trust: 0.8, vendor: "vmware", version: "5.0 (windows)", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "v10.5.8", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "v10.6.6", }, { model: "mac os x server", scope: "eq", trust: 0.8, vendor: "apple", version: "v10.5.8", }, { model: "mac os x server", scope: "eq", trust: 0.8, vendor: "apple", version: "v10.6.6", }, { model: "iplanet web server", scope: "eq", trust: 0.8, vendor: "oracle", version: "6.1", }, { model: "iplanet web server", scope: "eq", trust: 0.8, vendor: "oracle", version: "7.0", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "3 (x86)", }, { model: "asianux server", scope: "eq", trust: 0.8, vendor: "cybertrust", version: "3 (x86-64)", }, { model: "jdk", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "5.0 update 27", }, { model: "jdk", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "6 update 23", }, { model: "jre", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "1.4.2_29", }, { model: "jre", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "5.0 update 27", }, { model: "jre", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "6 update 23", }, { model: "sdk", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "1.4.2_29", }, { model: "hp systems insight manager", scope: "lt", trust: 0.8, vendor: "hewlett packard", version: "7.0", }, { model: "hp tru64 unix", scope: "lte", trust: 0.8, vendor: "hewlett packard", version: "running j2se v 1.42-9", }, { model: "hp-ux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "11.11", }, { model: "hp-ux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "11.23", }, { model: "hp-ux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "11.23 (ia)", }, { model: "hp-ux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "11.23 (pa)", }, { model: "hp-ux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "11.31", }, { model: "hp-ux tomcat-based servlet engine", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "5.5.30.04", }, { model: "enterprise linux", scope: "eq", trust: 0.8, vendor: "red hat", version: "5 (server)", }, { model: "enterprise linux desktop", scope: "eq", trust: 0.8, vendor: "red hat", version: "5.0 (client)", }, { model: "enterprise linux desktop", scope: "eq", trust: 0.8, vendor: "red hat", version: "6", }, { model: "enterprise linux extras", scope: "eq", trust: 0.8, vendor: "red hat", version: "4 extras", }, { model: "enterprise linux extras", scope: "eq", trust: 0.8, vendor: "red hat", version: "4.8.z extras", }, { model: "enterprise linux hpc node", scope: "eq", trust: 0.8, vendor: "red hat", version: "6", }, { model: "enterprise linux hpc node supplementary", scope: "eq", trust: 0.8, vendor: "red hat", version: "6", }, { model: "enterprise linux server", scope: "eq", trust: 0.8, vendor: "red hat", version: "6", }, { model: "enterprise linux server supplementary", scope: "eq", trust: 0.8, vendor: "red hat", version: "6", }, { model: "enterprise linux workstation", scope: "eq", trust: 0.8, vendor: "red hat", version: "6", }, { model: "enterprise linux workstation supplementary", scope: "eq", trust: 0.8, vendor: "red hat", version: "6", }, { model: "rhel desktop supplementary", scope: "eq", trust: 0.8, vendor: "red hat", version: "5 (client)", }, { model: "rhel desktop supplementary", scope: "eq", trust: 0.8, vendor: "red hat", version: "6", }, { model: "rhel desktop workstation", scope: "eq", trust: 0.8, vendor: "red hat", version: "5 (client)", }, { model: "rhel supplementary", scope: "eq", trust: 0.8, vendor: "red hat", version: "5 (server)", }, { model: "systemdirector enterprise", scope: null, trust: 0.8, vendor: "nec", version: null, }, { model: "cosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "enterprise version 6", }, { model: "cosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "standard version 6", }, { model: "cosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "version 5", }, { model: "cosminexus client", scope: "eq", trust: 0.8, vendor: "hitachi", version: "version 6", }, { model: "cosminexus collaboration", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- server", }, { model: "cosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "light version 6", }, { model: "cosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "professional version 6", }, { model: "cosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "standard version 6", }, { model: "cosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "version 5", }, { model: "cosminexus server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- standard edition version 4", }, { model: "cosminexus server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- web edition version 4", }, { model: "cosminexus studio", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- standard edition version 4", }, { model: "cosminexus studio", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- web edition version 4", }, { model: "cosminexus studio", scope: "eq", trust: 0.8, vendor: "hitachi", version: "version 5", }, { model: "groupmax collaboration", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- server", }, { model: "hirdb realtime monitor", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "developer's kit for java", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "device manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "software", }, { model: "global link manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "software", }, { model: "it operations analyzer", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "it operations director", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "provisioning manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "software", }, { model: "replication manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "software", }, { model: "tiered storage manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "software", }, { model: "tuning manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "software", }, { model: "job management partner 1/automatic job management system 2", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- web operation assistant( english edition )", }, { model: "job management partner 1/automatic job management system 2", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- web operation assistant/ex( english edition )", }, { model: "job management partner 1/automatic job management system 3", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- web operation assistant( english edition )", }, { model: "job management partner 1/performance management - web console", scope: "eq", trust: 0.8, vendor: "hitachi", version: "( overseas edition )", }, { model: "jp1/automatic job management system 2", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- web operation assistant", }, { model: "jp1/automatic job management system 3", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- web operation assistant", }, { model: "jp1/cm2/network node manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "none", }, { model: "jp1/cm2/network node manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "i", }, { model: "jp1/cm2/network node manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "i advanced", }, { model: "jp1/cm2/network node manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "starter edition 250", }, { model: "jp1/cm2/network node manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "starter edition enterprise", }, { model: "jp1/cm2/snmp system observer", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "jp1/hicommand device manager", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "jp1/hicommand global link availability manager", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "jp1/hicommand provisioning manager", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "jp1/hicommand replication monitor", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "jp1/hicommand tiered storage manager", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "jp1/hicommand tuning manager", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "jp1/integrated management", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- service support", }, { model: "jp1/it resource management", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- manager", }, { model: "jp1/performance management", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- web console", }, { model: "jp1/performance management", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- web console( overseas edition )", }, { model: "jp1/serverconductor/control manager", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "processing kit for xml", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "ucosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "enterprise", }, { model: "ucosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "standard", }, { model: "ucosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "standard-r", }, { model: "ucosminexus client", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "ucosminexus collaboration", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- server", }, { model: "ucosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "light", }, { model: "ucosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "professional", }, { model: "ucosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "standard", }, { model: "ucosminexus navigation", scope: "eq", trust: 0.8, vendor: "hitachi", version: "developer", }, { model: "ucosminexus navigation", scope: "eq", trust: 0.8, vendor: "hitachi", version: "platform", }, { model: "ucosminexus navigation", scope: "eq", trust: 0.8, vendor: "hitachi", version: "platform - authoring license", }, { model: "ucosminexus navigation", scope: "eq", trust: 0.8, vendor: "hitachi", version: "platform - user license", }, { model: "ucosminexus operator", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "ucosminexus portal framework", scope: "eq", trust: 0.8, vendor: "hitachi", version: "entry set", }, { model: "ucosminexus reporting base", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "ucosminexus service", scope: "eq", trust: 0.8, vendor: "hitachi", version: "architect", }, { model: "ucosminexus service", scope: "eq", trust: 0.8, vendor: "hitachi", version: "platform", }, { model: "ucosminexus stream data platform", scope: "eq", trust: 0.8, vendor: "hitachi", version: "none", }, { model: "ucosminexus stream data platform", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- application framework", }, { model: "electronic form workflow", scope: "eq", trust: 0.8, vendor: "hitachi", version: "standard set", }, { model: "electronic form workflow", scope: "eq", trust: 0.8, vendor: "hitachi", version: "set", }, { model: "electronic form workflow", scope: "eq", trust: 0.8, vendor: "hitachi", version: "developer client set", }, { model: "electronic form workflow", scope: "eq", trust: 0.8, vendor: "hitachi", version: "developer set", }, { model: "electronic form workflow", scope: "eq", trust: 0.8, vendor: "hitachi", version: "professional library set", }, { model: "internet navigware server", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage application development cycle manager", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage application framework suite", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage application server", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage apworks", scope: "eq", trust: 0.8, vendor: "fujitsu", version: "server operation package", }, { model: "interstage business application server", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage job workload server", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage list works", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage service integrator", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage web server", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "interstage xml business activity recorder", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "systemwalker availability view", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "systemwalker centric manager", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "systemwalker it change manager", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "systemwalker it process master", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "systemwalker resource coordinator", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "systemwalker service quality coordinator", scope: null, trust: 0.8, vendor: "fujitsu", version: null, }, { model: "jre 005", scope: "eq", trust: 0.6, vendor: "sun", version: "1.2.2", }, { model: "ucosminexus application server enterprise 06-71-/d", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-71-/b", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-03", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-03-02", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-00", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-01", }, { model: "ucosminexus application server enterprise )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-60", }, { model: "ucosminexus application server standard )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-10", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-00", }, { model: "cosminexus application server enterprise )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-51", }, { model: "jre .0 01", scope: "eq", trust: 0.6, vendor: "sun", version: "1.4", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-50-04", }, { model: "cosminexus application server 05-00-/i", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jdk 01-b06", scope: "eq", trust: 0.6, vendor: "sun", version: "1.6", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-00", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-11", }, { model: "jdk 003", scope: "eq", trust: 0.6, vendor: "sun", version: "1.2.1", }, { model: "ucosminexus application server standard 06-72-/b", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "ucosminexus service architect", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00-02", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-04", }, { model: "ucosminexus application server enterprise 06-70-/n", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-10-05", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-01", }, { model: "jre 12", scope: "eq", trust: 0.6, vendor: "sun", version: "1.4.2", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00", }, { model: "cosminexus application server enterprise 06-00-/f", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jp1/cm2/network node manager starter ed enterprise", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-10", }, { model: "jdk", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.8", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.0-06", }, { model: "cosminexus application server 05-00-/a", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jre 1.5.0.0 09", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.0-00", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00", }, { model: "ucosminexus application server standard 06-71-/g", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-11-03", }, { model: "jp1/cm2/network node manager starter edition", scope: "eq", trust: 0.6, vendor: "hitachi", version: "25008-00", }, { model: "ucosminexus application server enterprise 06-71-/h", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-50-03", }, { model: "ucosminexus application server standard 06-71-/c", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-71-/a", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-01", }, { model: "jdk 06", scope: "eq", trust: 0.6, vendor: "sun", version: "1.2.2", }, { model: "ucosminexus application server enterprise )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-10", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-02", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-04", }, { model: "cosminexus application server 05-05-/l", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-51", }, { model: "jre 1.4.2 28", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-01", }, { model: "cosminexus application server 05-00-/b", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-71-/h", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "processing kit for xml 01-05-/c", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jre 007", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.8", }, { model: "jre 1.3.1 16", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "ucosminexus service architect", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-09", }, { model: "jdk .0 04", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-09", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-10", }, { model: "ucosminexus application server standard )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00", }, { model: "jre 1.3.1 28", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "ucosminexus operator", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-10", }, { model: "cosminexus application server 05-05-/j", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jdk 005", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.8", }, { model: "cosminexus application server enterprise 06-51-/e", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "ucosminexus operator", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-03-02", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-03-02", }, { model: "jre", scope: "eq", trust: 0.6, vendor: "sun", version: "1.3", }, { model: "cosminexus application server standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-51", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00-02", }, { model: "replication manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-00", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-10-01", }, { model: "cosminexus application server 05-00-/c", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "ucosminexus service platform", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-09", }, { model: "jre 1.3.1 15", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "replication manager software )", scope: "ne", trust: 0.6, vendor: "hitachi", version: "7.3-00", }, { model: "ucosminexus application server standard 06-70-/n", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-00", }, { model: "ucosminexus application server standard 06-72-/d", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-02", }, { model: "cosminexus application server standard 06-51-/d", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jdk 1.5.0.0 08", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jre .0 04", scope: "eq", trust: 0.6, vendor: "sun", version: "1.3", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-10", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-71", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-10", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-00", }, { model: "cosminexus application server standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-02", }, { model: "jdk 006", scope: "eq", trust: 0.6, vendor: "sun", version: "1.2.2", }, { model: "processing kit for xml 02-00-/d", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-00", }, { model: "ucosminexus service platform )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-51", }, { model: "processing kit for xml )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "02-05", }, { model: "jp1/cm2/snmp system observer", scope: "eq", trust: 0.6, vendor: "hitachi", version: "09-00", }, { model: "jdk 05", scope: "eq", trust: 0.6, vendor: "sun", version: "1.2.2", }, { model: "cosminexus application server enterprise 06-51-/c", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jdk 007", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.8", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-02", }, { model: "ucosminexus application server standard 06-70-/h", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-02", }, { model: "jre b 07", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.7", }, { model: "jdk .0 03", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "jdk 1.5.0 12", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "replication manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-01", }, { model: "ucosminexus application server enterprise 06-71-/g", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-00-/i", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "replication manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-00", }, { model: "ucosminexus client", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00-02", }, { model: "jdk 10", scope: "eq", trust: 0.6, vendor: "sun", version: "1.4.2", }, { model: "jre 1.3.1 17", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jre 12", scope: "eq", trust: 0.6, vendor: "sun", version: "1.2.2", }, { model: "ucosminexus operator", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-09", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-03-02", }, { model: "jre 1.6.0 2", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-01", }, { model: "cosminexus application server standard 06-51-/c", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-00-/h", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-00-/g", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-09", }, { model: "cosminexus application server enterprise 06-51-/d", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jre 1.4.2 27", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jdk 11", scope: "eq", trust: 0.6, vendor: "sun", version: "1.4.2", }, { model: "jdk 07-b03", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-00", }, { model: "jdk 06", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-71", }, { model: "jre b 007", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.7", }, { model: "ucosminexus client", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-10", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-03-02", }, { model: "jre 01", scope: "eq", trust: 0.6, vendor: "sun", version: "1.3", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00-02", }, { model: "cosminexus application server standard 06-02-/f", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-05-/o", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-03", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-00", }, { model: "jp1/cm2/network node manager starter edition", scope: "eq", trust: 0.6, vendor: "hitachi", version: "25008-10", }, { model: "jre 1.5.0.0 08", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "cosminexus application server enterprise 06-02-/e", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jdk 002", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.8", }, { model: "jre 1.3.1 19", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jre 008", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.8", }, { model: "processing kit for xml", scope: "eq", trust: 0.6, vendor: "hitachi", version: "02-05", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-00", }, { model: "jp1/cm2/network node manager starter ed enterprise", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00", }, { model: "jdk 1.5.0.0 12", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "ucosminexus service platform", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-10", }, { model: "jre 1.3.1 18", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "ucosminexus application server standard 06-71-/d", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jdk 004", scope: "eq", trust: 0.6, vendor: "sun", version: "1.2.2", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-10-01", }, { model: "cosminexus application server enterprise", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-51", }, { model: "ucosminexus client", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-03-02", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-00", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-03-02", }, { model: "jdk 009", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.6", }, { model: "ucosminexus application server enterprise )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00", }, { model: "cosminexus application server enterprise 06-02-/f", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise 06-70-/b )", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jdk 004", scope: "eq", trust: 0.6, vendor: "sun", version: "1.2.1", }, { model: "ucosminexus application server standard )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-60", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-10-06", }, { model: "ucosminexus application server enterprise 06-71-/a", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-00-/h", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jdk b 007", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.7", }, { model: "jdk 1.5.0.0 09", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "cosminexus application server standard 06-00-/g", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-00-/f", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-00", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-01", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-50", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-03-02", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-10-06", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-10", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-02", }, { model: "ucosminexus client", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-09", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-09", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "08-00-02", }, { model: "cosminexus application server enterprise 06-00-/i", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-00", }, { model: "jdk 1.5.0.0 11", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jdk 11-b03", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-09", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-11-04", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-01", }, { model: "jre 012", scope: "eq", trust: 0.6, vendor: "sun", version: "1.2.2", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.6, vendor: "hitachi", version: "07-00-10", }, { model: "jre 005", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.8", }, { model: "cosminexus application server enterprise )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-50", }, { model: "cosminexus application server standard )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "06-50", }, { model: "cosminexus application server standard 06-02-/e", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-05-/k", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-01", }, { model: "cosminexus application server standard 06-51-/e", scope: null, trust: 0.6, vendor: "hitachi", version: null, }, { model: "jre 1.5.0.0 07", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jdk 1.6.0 01", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jre 009", scope: "eq", trust: 0.6, vendor: "sun", version: "1.1.8", }, { model: "jre 1.6.0 20", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "tivoli dynamic workload broker", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "virtual i/o server", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-00", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "cosminexus developer professional 06-02-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jboss enterprise web server for rhel es", scope: "eq", trust: 0.3, vendor: "redhat", version: "41.0", }, { model: "tiered storage manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "cosminexus application server 05-00-/m", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6", }, { model: "ucosminexus application server standard )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00", }, { model: "processing kit for xml 01-07-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "enterprise linux server", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-50", }, { model: "interstage application server plus", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "7.0.1", }, { model: "cognos business intelligence fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "88.4.1", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.4", }, { model: "cosminexus developer light 06-50-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "device manager software (linux(sles", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "processing kit for xml 01-07-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli netcool omnibus web gui", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.0", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "cosminexus application server 05-02-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise 06-72-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "enterprise linux as extras", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { model: "replication manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-01", }, { model: "cognos workforce performance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "ucosminexus developer professional 06-70-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-50-02", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-02", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.17", }, { model: "cosminexus developer light", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-02", }, { model: "network node manager i", scope: "eq", trust: 0.3, vendor: "hp", version: "8.1", }, { model: "cosminexus developer 05-05-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "db2 fixpack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.55", }, { model: "ucosminexus developer standard 06-70-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer light 06-00-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cognos customer performance analytics", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "cosminexus developer 05-05-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.19", }, { model: "ucosminexus application server enterprise 06-70-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-50-01", }, { model: "cosminexus server web edition 04-00-/a", scope: "eq", trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer light 06-00-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-50-/c (solari", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-00-02", }, { model: "cosminexus developer light 06-02-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-03-03", }, { model: "tivoli workload scheduler", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "provisioning manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0-00", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.2", }, { model: "systemwalker availability view enterprise edition 13.3.0a", scope: null, trust: 0.3, vendor: "fujitsu", version: null, }, { model: "os/400 v5r4m0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "device manager software (linux(sles", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "cosminexus developer light", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-50", }, { model: "cosminexus developer standard 06-51-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk 01", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.1", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.107", }, { model: "cosminexus application server enterprise 06-02-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-00-/r", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-02", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "7.0.5", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-01", }, { model: "tivoli netcool performance manager for wireless", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-72", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0-00", }, { model: "tiered storage manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0-00", }, { model: "cosminexus developer professional 06-51-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-50-01", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.1", }, { model: "cognos mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "tivoli foundations for application manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "cosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-50", }, { model: "cosminexus application server standard 06-51-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "hp-ux web server suite", scope: "ne", trust: 0.3, vendor: "hp", version: "3.14", }, { model: "linux enterprise sdk sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "cosminexus developer 05-05-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.18", }, { model: "openvms secure web server", scope: "eq", trust: 0.3, vendor: "hp", version: "1.2", }, { model: "cosminexus application server 05-01-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer light 06-50-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jboss enterprise soa platform", scope: "eq", trust: 0.3, vendor: "redhat", version: "5.0.2", }, { model: "jboss enterprise portal platform", scope: "eq", trust: 0.3, vendor: "redhat", version: "5.1.0", }, { model: "cosminexus developer standard 06-51-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.35", }, { model: "tivoli composite application manager for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "jre b", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.7", }, { model: "ucosminexus developer standard 06-71-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.14", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "7.0.3", }, { model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2010.0", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-03", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-03", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20", }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-30", }, { model: "cosminexus developer light 06-51-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2009.0", }, { model: "tivoli workload scheduler", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "websphere application server community edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.4", }, { model: "jre .0 01", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-01", }, { model: "linux armel", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "jp1/hicommand provisioning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "02-30", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.22", }, { model: "ucosminexus developer light 06-71-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli enterprise console", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "jdk 1.5.0 11", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "cosminexus developer professional 06-00-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.128", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-10", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-01", }, { model: "jdk 09", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.6", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5", }, { model: "it operations director", scope: "eq", trust: 0.3, vendor: "hitachi", version: "02-50-06", }, { model: "cosminexus application server enterprise 06-50-c (solaris", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.10", }, { model: "jrockit r28.0.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "8.0.2", }, { model: "ucosminexus client 06-70-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jre 12", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "cosminexus application server standard 06-51-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli netcool performance manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1", }, { model: "cognos impromptu web reports", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-02", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-10", }, { model: "jdk 1.5.0.0 06", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "cosminexus developer standard 06-00-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer standard 06-02-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/cm2/network node manager starter edition enterprise hp-ux", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-10-02", }, { model: "reflection for secure it unix server sp1", scope: "eq", trust: 0.3, vendor: "attachmate", version: "7.0", }, { model: "cosminexus developer professional 06-00-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "04-00", }, { model: "interstage application server standard-j edition 9.1.0b", scope: null, trust: 0.3, vendor: "fujitsu", version: null, }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-00(x64))", }, { model: "cosminexus developer light 06-02-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "conferencing standard edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "openvms secure web server", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3-2", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.18", }, { model: "tru64 unix 5.1b-4", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.2", }, { model: "vcenter update manager update", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.11", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.2", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "ucosminexus developer standard 06-70-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "interstage application server plus", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "6.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.11", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.5", }, { model: "cosminexus developer professional 06-51-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "7.0.1", }, { model: "vcenter update manager", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.0", }, { model: "ucosminexus application server enterprise )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00", }, { model: "cognos express", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "tuning manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "jrockit r28.1.1", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "identity manager remote loader", scope: "eq", trust: 0.3, vendor: "novell", version: "3.6.1", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.5", }, { model: "cosminexus application server standard 06-51-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-30", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-03-03", }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "processing kit for xml )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "02-00", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-02", }, { model: "tivoli workload scehdule z/os connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "cosminexus studio web edition 04-01-/a", scope: "eq", trust: 0.3, vendor: "hitachi", version: null, }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.401", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.126", }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "7.0", }, { model: "cosminexus developer 05-05-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer professional 06-70-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-01", }, { model: "ucosminexus client 06-70-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.5", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.018", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.019", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.3", }, { model: "enterprise linux hpc node optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "cosminexus developer professional 06-00-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.6", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.22", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-02", }, { model: "enterprise linux server supplementary", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-01", }, { model: "identity manager roles based provisioning module", scope: "eq", trust: 0.3, vendor: "novell", version: "3.6.1", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.2", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.23", }, { model: "cosminexus developer professional 06-00-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk 1.5.0 11-b03", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "tivoli network manager ip edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8", }, { model: "cosminexus developer light 06-00-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-02-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "nonstop server", scope: "eq", trust: 0.3, vendor: "hp", version: "6", }, { model: "provisioning manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "cosminexus developer 05-05-/o", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "reflection for secure it windows server sp1", scope: "eq", trust: 0.3, vendor: "attachmate", version: "7.0", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-06", }, { model: "jre 007", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.6", }, { model: "replication manager software -00 )", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.3", }, { model: "enterprise linux workstation supplementary", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "cosminexus developer professional 06-02-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-50-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer professional 06-70-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.25", }, { model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2010.0", }, { model: "systems insight manager sp3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-60", }, { model: "ucosminexus client 06-70-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.10", }, { model: "ucosminexus developer standard 06-71-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-03", }, { model: "jre 15", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2009.0", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "cosminexus developer light 06-51-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "openvms secure web server", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3-1", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "jboss enterprise web platform for rhel server", scope: "eq", trust: 0.3, vendor: "redhat", version: "55", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-40", }, { model: "tiered storage manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "cosminexus developer light 06-00-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer light 06-50-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jboss enterprise web platform for rhel 4as", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "cosminexus developer professional 06-51-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-10", }, { model: "jdk 04", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "ucosminexus service platform )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10", }, { model: "tiered storage manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "ucosminexus developer light 06-70-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus client 06-51-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0-00(x64))", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-01", }, { model: "ewas", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.138", }, { model: "cosminexus developer 05-01-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "db2 fixpack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.18", }, { model: "cosminexus developer 05-01-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli management framework", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1", }, { model: "interstage application server standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.3.1", }, { model: "cosminexus application server enterprise 06-51-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-60", }, { model: "cosminexus developer light 06-51-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "hp-ux web server suite", scope: "ne", trust: 0.3, vendor: "hp", version: "2.33", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.4", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-05", }, { model: "cosminexus application server enterprise 06-51-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli federated identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1", }, { model: "jp1/cm2/network node manager starter ed enterprise hp-ux", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-00-03", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.14", }, { model: "jre 07", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.1", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-09", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.30", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.4", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.3", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-00", }, { model: "cosminexus developer 05-01-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-01", }, { model: "ucosminexus application server enterprise )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "09-80", }, { model: "reflection for secure it unix client", scope: "eq", trust: 0.3, vendor: "attachmate", version: "7.2", }, { model: "cosminexus developer light 06-51-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tiered storage manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "jp1/cm2/network node manager starter edition (hp-ux(pa-risc", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-10", }, { model: "cosminexus developer 05-01-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-01", }, { model: "cosminexus developer professional 06-00-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux enterprise java sp1", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "jre 009", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.6", }, { model: "jre 1.5.0 08", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "cosminexus developer light 06-51-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-02", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-03", }, { model: "jp1/hicommand provisioning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-90", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.2", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.13", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.15", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0", }, { model: "cosminexus developer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "5", }, { model: "desktop extras", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { model: "ucosminexus application server enterprise 06-70-/a (windows(ip", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-02", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-05", }, { model: "jre b 005", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.7", }, { model: "tiered storage manager software (linux(sles", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.29", }, { model: "jboss enterprise application platform for rhel 4as", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "websphere application server community edition", scope: "ne", trust: 0.3, vendor: "ibm", version: "2.1.1.5", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-00", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "tivoli configuration manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3", }, { model: "cognos business intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "cosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-50", }, { model: "jdk update21", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-01", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "jre 11", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.2", }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "replication manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "network node manager i", scope: "eq", trust: 0.3, vendor: "hp", version: "9.1", }, { model: "esx patch esx400-201", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.0", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2.0-00", }, { model: "netcool/omnibus fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.020", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.8", }, { model: "cosminexus application server 05-01-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer professional 06-51-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.20", }, { model: "cosminexus developer light", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-51", }, { model: "conferencing standard edition", scope: "ne", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "identity manager designer", scope: "eq", trust: 0.3, vendor: "novell", version: "4.0", }, { model: "cosminexus developer light", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-00", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50", }, { model: "cosminexus developer 05-05-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jre 21", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.2", }, { model: "enterprise linux hpc node", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.2", }, { model: "enterprise linux server", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.7", }, { model: "linux enterprise java sp4", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-05", }, { model: "tivoli directory server 6.1.0.5-tiv-itds-if0", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "virtualcenter update", scope: "eq", trust: 0.3, vendor: "vmware", version: "2.56", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-09", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.115", }, { model: "ewas", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.139", }, { model: "tomcat beta", scope: "eq", trust: 0.3, vendor: "apache", version: "7.0", }, { model: "tivoli workload scheduler", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cosminexus developer professional 06-50-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.102", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00", }, { model: "systemwalker availability view enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "13.3", }, { model: "websphere mq file transfer edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "interstage application server standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.2", }, { model: "cosminexus studio 05-00-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-00-/l", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer professional 06-71-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-09", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.15", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.3.0-00", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "systemwalker it process master standard edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "13.3.1", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.103", }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-03", }, { model: "ucosminexus developer professional 06-71-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-02", }, { model: "linux m68k", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-01", }, { model: "db2 fixpack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.56", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00", }, { model: "cosminexus developer standard 06-50-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-05", }, { model: "jrockit r27.6.0-50", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.015", }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-50", }, { model: "cosminexus application server 05-02-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-50", }, { model: "interstage application server standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "virtualcenter update", scope: "eq", trust: 0.3, vendor: "vmware", version: "2.55", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "11.3", }, { model: "jdk 01", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6", }, { model: "reflection suite for", scope: "eq", trust: 0.3, vendor: "attachmate", version: "x2011", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.7", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10", }, { model: "cosminexus studio 05-01-/l", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "hp-ux web server suite", scope: "eq", trust: 0.3, vendor: "hp", version: "2.32", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.6", }, { model: "ucosminexus application server enterprise 06-70-/a linux )", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jrockit r27.6.5", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "sdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.222", }, { model: "jdk 03", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "device manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-02", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.5", }, { model: "ucosminexus developer professional 06-70-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "jboss enterprise application platform el4", scope: "eq", trust: 0.3, vendor: "redhat", version: "4.3", }, { model: "processing kit for xml 02-00-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.4", }, { model: "ucosminexus application server enterprise 06-71-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer light 06-71-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer professional 06-71-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.21", }, { model: "linux enterprise server sp4", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.3.1", }, { model: "cosminexus application server standard 06-50-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-51-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "enterprise linux extras", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.6", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "vcenter update", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.03", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.5-00", }, { model: "rational clearcase", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.2.2", }, { model: "cosminexus application server enterprise 06-50-/c (hp-ux(", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-70-/l", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer professional 06-00-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk 14", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.4", }, { model: "cosminexus application server 05-02-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.2", }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "cosminexus developer standard 06-50-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cognos supply chain performance analytics", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.27", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.105", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-09", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "tomcat", scope: "ne", trust: 0.3, vendor: "apache", version: "7.0.8", }, { model: "ucosminexus application server enterprise 06-70-/m", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cognos mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "network satellite server (for rhel", scope: "eq", trust: 0.3, vendor: "redhat", version: "5)5.4", }, { model: "tivoli federated identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "systems insight manager sp5", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "jre 10", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.001", }, { model: "tivoli composite application manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.3", }, { model: "jdk update24", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "cosminexus application server 05-02-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk 02", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "tru64 unix pk6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.5", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.9", }, { model: "jp1/hicommand provisioning manager )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-10", }, { model: "tiered storage manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "enterprise linux desktop supplementary", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "jp1/cm2/network node manager starter edition enterprise hp-ux pa-ri", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-10-02", }, { model: "cosminexus application server 05-01-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-50-02", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.3", }, { model: "replication manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0-00", }, { model: "jre 21", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "db2 fixpack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.19", }, { model: "cosminexus developer standard 06-51-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "os/400 v6r1m0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "cosminexus developer standard 06-02-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer professional 06-50-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "replication manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-00", }, { model: "jdk 1.5.0.0 04", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "interstage business application server standard edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "8.0", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-71", }, { model: "tivoli foundations for application manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "db2 fix pack 3a", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "tivoli monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "db2 fixpack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.110", }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-20", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.6", }, { model: "cognos business viewpoint", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "jboss enterprise application platform for rhel server", scope: "eq", trust: 0.3, vendor: "redhat", version: "55", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-02", }, { model: "cosminexus developer 05-01-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-05", }, { model: "cosminexus developer light 06-51-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli federated identity manager", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.2.0.9", }, { model: "cognos business intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "88.4.1", }, { model: "hp-ux web server suite", scope: "eq", trust: 0.3, vendor: "hp", version: "3.13", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-00", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.04", }, { model: "processing kit for xml", scope: "eq", trust: 0.3, vendor: "hitachi", version: "01-07", }, { model: "cosminexus developer 05-01-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "04-00", }, { model: "ucosminexus client 06-71-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-10", }, { model: "tuning manager software (solaris(sp", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-03", }, { model: "enterprise linux for sap server", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-50-02", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-30", }, { model: "tru64 unix b-3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1.0", }, { model: "processing kit for xml 02-00-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer standard 06-00-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "runtimes for java technology", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.2", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.5", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.013", }, { model: "jdk 1.3.1 20", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "cosminexus developer 05-05-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer light 06-00-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tiered storage manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "cosminexus developer light 06-51-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "enterprise server x86 64", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "jdk 07", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "vcenter update manager", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.1", }, { model: "cosminexus studio 05-05-/q", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "novell", version: "3.1", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-10-04", }, { model: "cosminexus developer professional 06-00-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-00-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "replication manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-01", }, { model: "cosminexus developer light 06-00-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard hp-ux", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-01", }, { model: "jre 07", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.2", }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.1", }, { model: "virtualcenter update", scope: "eq", trust: 0.3, vendor: "vmware", version: "2.52", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "jp1/cm2/network node manager starter edition hp-ux", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-00-03", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1", }, { model: "cosminexus application server 05-00-/p", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer 05-05-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-20", }, { model: "tivoli monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.2", }, { model: "provisioning manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.3.0-00", }, { model: "cosminexus application server", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-01", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.4", }, { model: "jdk update13", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.5", }, { model: "tivoli netcool portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "04-00", }, { model: "ucosminexus application server standard 06-70-/a (windows(ip", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.12", }, { model: "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-00-01", }, { model: "tivoli directory server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "tivoli workload scheduler", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "cognos metrics", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "jrockit r28.0.1", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "tivoli netview for z/os", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.0", }, { model: "jdk update19", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "interstage application server plus", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "5.0.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "processing kit for xml 01-05-/b (windows(en", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.21", }, { model: "cosminexus developer light 06-02-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli federated identity manager business gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1", }, { model: "linux enterprise desktop sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-02", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-40", }, { model: "cosminexus developer 05-05-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-51", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-10", }, { model: "cosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-00", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-60-01", }, { model: "jp1/hicommand provisioning manager (solaris(sparc", scope: "eq", trust: 0.3, vendor: "hitachi", version: "02-30", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.30", }, { model: "reflection", scope: "eq", trust: 0.3, vendor: "attachmate", version: "x2011", }, { model: "ucosminexus developer light 06-71-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli netcool portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.2", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.16", }, { model: "totalstorage ds8300", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "interstage application server standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.1", }, { model: "cosminexus developer standard 06-50-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-00", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.31", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.3", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.31", }, { model: "virtualcenter 2.5.update build", scope: "eq", trust: 0.3, vendor: "vmware", version: "31", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-02", }, { model: "cosminexus developer light 06-50-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jboss enterprise web server for rhel as", scope: "eq", trust: 0.3, vendor: "redhat", version: "41.0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.30", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.14", }, { model: "cosminexus developer professional 06-02-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer light", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-71", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.19", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.117", }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "virtualcenter", scope: "eq", trust: 0.3, vendor: "vmware", version: "2.5", }, { model: "jrockit r27.6.7", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "jdk b", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.7", }, { model: "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-10", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-10", }, { model: "vcenter", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.0", }, { model: "ucosminexus developer standard 06-71-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jre 10-b03", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.2", }, { model: "jrockit r27.6.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-10-02", }, { model: "cosminexus developer professional 06-51-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tru64 unix b-4", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1.0", }, { model: "jre 07", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-40", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.8", }, { model: "cosminexus developer professional 06-02-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.23", }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-10", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.1", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.4", }, { model: "cosminexus developer light 06-00-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.10", }, { model: "replication manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.3.0-00", }, { model: "cosminexus application server 05-01-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.11", }, { model: "jp1/cm2/network node manager starter ed enterprise )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-10", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-10-03", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.13", }, { model: "cosminexus application server 05-01-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0", }, { model: "tivoli storage manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "cosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-51", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "jp1/cm2/network node manager starter edition (hp-ux(pa-risc", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-00", }, { model: "aura conferencing sp1 standard", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.17", }, { model: "provisioning manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "jp1/cm2/network node manager starter edition hp-ux(pa-ri", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-10-12", }, { model: "ucosminexus client 06-71-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-00", }, { model: "tivoli netcool reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.1", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-02", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20", }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-12", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-08", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.2", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.2", }, { model: "processing kit for xml", scope: "eq", trust: 0.3, vendor: "hitachi", version: "01-00", }, { model: "linux enterprise desktop sp1", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-0", }, { model: "tuning manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-03", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-03", }, { model: "jre 04", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "ucosminexus developer professional 06-71-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus client 06-71-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "provisioning manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "jdk 02", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.2", }, { model: "reflection for secure it unix client", scope: "eq", trust: 0.3, vendor: "attachmate", version: "6.0", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50", }, { model: "rational clearquest", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.2.2", }, { model: "provisioning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "ucosminexus developer professional 06-71-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "enterprise linux desktop optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "enterprise linux hpc node supplementary", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "enterprise linux desktop supplementary client", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "ucosminexus developer standard 06-70-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "it operations analyzer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "02-51", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0", }, { model: "jdk update17", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "ucosminexus developer professional 06-70-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/cm2/network node manager i", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.26", }, { model: "cosminexus developer 05-05-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-10", }, { model: "runtimes for java technology sr12 fp", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.04", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.119", }, { model: "sdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.221", }, { model: "sdk 02", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.2", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.8", }, { model: "cosminexus application server standard 06-51-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-72(*1)", }, { model: "tivoli composite application manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.1", }, { model: "hp-ux web server suite", scope: "eq", trust: 0.3, vendor: "hp", version: "3.12", }, { model: "cosminexus developer standard 06-50-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk 0 03", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "cognos query", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "cosminexus developer professional 06-50-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.1", }, { model: "jdk update20", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "jp1/cm2/snmp system observer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "jp1/serverconductor/control manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "7.0.2", }, { model: "openvms secure web server", scope: "eq", trust: 0.3, vendor: "hp", version: "1.1-1", }, { model: "cosminexus developer professional 06-51-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "aura conferencing standard", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "tiered storage manager software (solaris(sp", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "cognos finance", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "7.0.1", }, { model: "jp1/cm2/network node manager starter edition windows", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-00-03", }, { model: "ucosminexus application server standard 06-70-/m", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus client 06-00-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-00-/s", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "ucosminexus application server enterprise 06-72-/b )", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux enterprise for sap applications sp1", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "device manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "linux hppa", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-02", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.3", }, { model: "replication manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0-00", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-60", }, { model: "proactive contact", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0.4", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-00", }, { model: "processing kit for xml", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "jdk 20", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-50-03", }, { model: "cosminexus developer light 06-50-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "vcenter update", scope: "ne", trust: 0.3, vendor: "vmware", version: "4.12", }, { model: "cosminexus developer 05-05-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise 06-70-/o", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer 05-01-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer professional 06-02-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer standard 06-00-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jboss enterprise soa platform cp04", scope: "eq", trust: 0.3, vendor: "redhat", version: "4.3", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.04", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.06", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "cosminexus developer 05-05-/l", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cognos powerplay", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "sdk 01", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.2", }, { model: "processing kit for xml (windows(engli", scope: "eq", trust: 0.3, vendor: "hitachi", version: "01-05", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-01", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "tivoli netcool performance manager technology pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "jp1/hicommand provisioning manager (solaris(sparc", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-90", }, { model: "jre 1.5.0 09-b03", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "job management partner 1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-0", }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.1", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0-06", }, { model: "tivoli federated identity manager business gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "cosminexus developer standard 06-51-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.10", }, { model: "cosminexus developer light 06-02-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "cosminexus developer light 06-02-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli configuration manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3.1", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1.1-04(x64))", }, { model: "linux enterprise sp4", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "rational clearcase", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.1.5", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-03-03", }, { model: "device manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "jboss enterprise web server for rhel server", scope: "eq", trust: 0.3, vendor: "redhat", version: "51.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00", }, { model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2010.1", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-01", }, { model: "jdk 13", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.12", }, { model: "cosminexus application server 05-01-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "provisioning manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-01", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "jdk 08", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-02", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20", }, { model: "identity manager analyzer", scope: "eq", trust: 0.3, vendor: "novell", version: "1.2", }, { model: "openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-05", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.27", }, { model: "reflection for secure it unix server sp1", scope: "ne", trust: 0.3, vendor: "attachmate", version: "7.2", }, { model: "virtualcenter update", scope: "eq", trust: 0.3, vendor: "vmware", version: "2.54", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.2", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-70", }, { model: "tivoli federated identity manager business gateway", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.2.0.9", }, { model: "identity manager designer", scope: "eq", trust: 0.3, vendor: "novell", version: "3.5.1", }, { model: "openvms secure web server", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2", }, { model: "interstage application server standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "8.0", }, { model: "jrockit r27.1.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "application manager for smart business", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-03-03", }, { model: "ucosminexus application server standard 06-70-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer standard 06-71-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "enterprise linux supplementary server", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.18", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.4", }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0-00", }, { model: "cosminexus application server standard 06-51-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-90", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "jboss enterprise application platform el5", scope: "eq", trust: 0.3, vendor: "redhat", version: "4.3", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-60", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.127", }, { model: "jre 18", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.111", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.31", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.118", }, { model: "enterprise linux workstation", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "cosminexus studio 05-05-/p", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "provisioning manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0-00", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.124", }, { model: "enterprise linux desktop client", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "interstage software quality analyzer", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "10.0", }, { model: "device manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "jrockit r27.6.6", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.012", }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-20", }, { model: "jre 05a", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.2", }, { model: "it operations analyzer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "02-51-01", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.16", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.402", }, { model: "jrockit r27.6.8", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "6.0", }, { model: "cosminexus developer light 06-51-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "netcool/omnibus fix pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.3.120", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.19", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.33", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.5", }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "tomcat", scope: "ne", trust: 0.3, vendor: "apache", version: "6.0.32", }, { model: "jre 003", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.2", }, { model: "jdk 15", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-02", }, { model: "tivoli monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "ucosminexus application server enterprise hp-ux )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00", }, { model: "cosminexus developer professional 06-51-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-01-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jboss enterprise application platform for rhel 4es", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "ucosminexus developer light 06-70-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5", }, { model: "linux alpha", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "ucosminexus developer light 06-70-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux enterprise server sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "reflection for secure it windows server sp1", scope: "ne", trust: 0.3, vendor: "attachmate", version: "7.2", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.17", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-71", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-11-02", }, { model: "ucosminexus application server enterprise hp-ux )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10", }, { model: "jre 099", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.12", }, { model: "jp1/cm2/network node manager starter edition enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-10-02", }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.3.0-00", }, { model: "jre beta", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-01", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-51-01", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-70", }, { model: "cognos visualizer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.11", }, { model: "cosminexus developer light 06-02-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer light 06-02-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "it operations director", scope: "eq", trust: 0.3, vendor: "hitachi", version: "02-50-01", }, { model: "jrockit r27.6.4", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "cognos financial performance analytics", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "tivoli storage productivity center fix pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "4.2.14", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "11.2", }, { model: "cosminexus developer 05-01-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.015", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-20", }, { model: "cosminexus developer standard 06-00-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer light 06-51-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer 05-01-/l", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.106", }, { model: "cosminexus studio web edition 04-00-/a", scope: "eq", trust: 0.3, vendor: "hitachi", version: null, }, { model: "cognos powerplay", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "cosminexus developer 05-05-/q", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/cm2/network node manager starter edition )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-10", }, { model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2010.1", }, { model: "sdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.219", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "cosminexus application server 05-01-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cognos noticecast", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.125", }, { model: "sentinel support pack", scope: "eq", trust: 0.3, vendor: "novell", version: "6.12", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "1.0", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-01", }, { model: "cosminexus developer standard 06-51-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli storage manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "cosminexus application server standard 06-50-/c (hp-ux(", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "7.0.4", }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "interstage application server plus", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "7.0", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-01", }, { model: "systems insight manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "cosminexus application server 05-00-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jre", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.6", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.5", }, { model: "jdk 1.4.2 11", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-30", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-60-01", }, { model: "jre 14", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "ucosminexus developer light 06-70-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/cm2/network node manager starter edition solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-00-03", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.2", }, { model: "jre 13", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "ucosminexus application server enterprise 06-70-/g )", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/automatic job management system web operation assistant", scope: "eq", trust: 0.3, vendor: "hitachi", version: "3-0", }, { model: "jdk 12", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "tivoli directory server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "enterprise linux workstation optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "cognos metrics", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-03-03", }, { model: "jp1/it resource management-manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "ucosminexus developer light", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-70", }, { model: "cosminexus developer professional 06-51-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-00", }, { model: "reflection for secure it windows server", scope: "eq", trust: 0.3, vendor: "attachmate", version: "7.2", }, { model: "jdk 11", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "jp1/cm2/network node manager starter ed enterprise )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-00", }, { model: "jp1/cm2/network node manager starter edition (hp-ux(pa-r", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-00-02", }, { model: "provisioning manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "jdk update23", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "linux enterprise server sp1", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.3", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.12", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.03", }, { model: "cognos web services", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.16", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.10", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.6", }, { model: "jre 28", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.2", }, { model: "device manager software (solaris(sp", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-72", }, { model: "cosminexus studio standard edition", scope: "eq", trust: 0.3, vendor: "hitachi", version: "4", }, { model: "db2 fixpak", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.55", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.4", }, { model: "db2 fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.51", }, { model: "cosminexus developer standard 06-50-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00", }, { model: "cosminexus developer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-01", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.9", }, { model: "cosminexus application server 05-00-/q", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-10-01", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "reflection for secure it unix server", scope: "eq", trust: 0.3, vendor: "attachmate", version: "6.0", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-00", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.24", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "cosminexus developer professional 06-00-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "sentinel support pack h", scope: "eq", trust: 0.3, vendor: "novell", version: "6.12", }, { model: "replication manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10", }, { model: "ucosminexus application server standard 06-70-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli netcool performance manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3", }, { model: "cosminexus client 06-50-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "cosminexus studio", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-01", }, { model: "ucosminexus developer light 06-70-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer light 06-71-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer light 06-70-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-02(x64))", }, { model: "cosminexus developer 05-05-/p", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "8.0", }, { model: "jdk 01a", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "linux mipsel", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "linux enterprise teradata sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-40", }, { model: "jndi", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.1", }, { model: "jdk 0 09", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "device manager software (solaris(sp", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "jp1/cm2/network node manager starter ed enterprise pa-risc", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-00-03", }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-10", }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-00", }, { model: "ucosminexus developer standard 06-70-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-05", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.19", }, { model: "cosminexus developer standard 06-00-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "interstage job workload server", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "8.1", }, { model: "provisioning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0-00", }, { model: "cosminexus developer standard 06-51-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "vcenter", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.1", }, { model: "cognos business intelligence fp2", scope: "eq", trust: 0.3, vendor: "ibm", version: "88.4.1", }, { model: "jre 04", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.1", }, { model: "ucosminexus developer standard 06-70-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk 099", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.021", }, { model: "jre 006", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.2", }, { model: "enterprise linux server optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.29", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-60", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-00", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.2", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.2", }, { model: "tivoli enterprise console", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9", }, { model: "linux enterprise java sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "cosminexus studio", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-05", }, { model: "cognos now!", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.4", }, { model: "processing kit for xml 01-05-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer 05-05-/n", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "db2 fixpack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.73", }, { model: "cosminexus application server 05-00-/n", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer professional 06-71-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli netview for z/os", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.0", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.6", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-01", }, { model: "db2 fixpak", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.52", }, { model: "hp-ux web server suite", scope: "eq", trust: 0.3, vendor: "hp", version: "2.31", }, { model: "cosminexus developer 05-01-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli storage productivity center", scope: "ne", trust: 0.3, vendor: "ibm", version: "4.2.1.185", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-00", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.07", }, { model: "reflection for secure it unix server", scope: "eq", trust: 0.3, vendor: "attachmate", version: "7.2", }, { model: "jdk update25", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "cosminexus developer standard 06-00-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "virtualcenter update", scope: "eq", trust: 0.3, vendor: "vmware", version: "2.51", }, { model: "jdk 04", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "replication manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "replication manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-01", }, { model: "job management partner 1/automatic job management system web", scope: "eq", trust: 0.3, vendor: "hitachi", version: "2-0", }, { model: "jdk 1.6.0 01-b06", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "cosminexus application server 05-00-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "rational clearquest", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.1.5", }, { model: "linux lpia", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "device manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-10-01", }, { model: "ucosminexus client 06-71-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer light 06-51-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-01", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.017", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.32", }, { model: "provisioning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "jdk 1.5.0.0 03", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-10", }, { model: "cosminexus developer standard 06-50-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "sdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.227", }, { model: "cosminexus application server standard 06-50-/g (aix", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "vcenter update", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.11", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.1", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.13", }, { model: "cosminexus developer standard 06-51-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.11", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-50", }, { model: "sdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.224", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "cosminexus developer standard 06-02-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "novell linux pos", scope: "eq", trust: 0.3, vendor: "s u s e", version: "9", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.27", }, { model: "tivoli integrated portal", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.1.115", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.8", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-71", }, { model: "cosminexus studio web edition", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-04-01", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.15", }, { model: "jdk 10", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "ucosminexus developer light 06-71-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk update18", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "ucosminexus application server standard 06-72-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1.1-00(x64))", }, { model: "interstage application server enterprise edition 9.1.0b", scope: null, trust: 0.3, vendor: "fujitsu", version: null, }, { model: "ucosminexus application server enterprise )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-1", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.28", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.20", }, { model: "identity manager roles based provisioning module", scope: "eq", trust: 0.3, vendor: "novell", version: "3.7", }, { model: "cosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0", }, { model: "tivoli federated identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1.2", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-10", }, { model: "tivoli monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "interstage application server enterprise edition b", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0.1", }, { model: "tivoli composite application manager for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "tivoli federated identity manager", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "ucosminexus developer professional 06-71-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jre", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.20", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "job management partner 1/automatic job management system web", scope: "eq", trust: 0.3, vendor: "hitachi", version: "3-0", }, { model: "ucosminexus developer standard 06-70-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "identity manager", scope: "eq", trust: 0.3, vendor: "novell", version: "3.6.1", }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-50-01", }, { model: "cosminexus developer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "5.0", }, { model: "it operations director", scope: "ne", trust: 0.3, vendor: "hitachi", version: "02-50-07", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.112", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0", }, { model: "vcenter update", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.01", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.6", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.401", }, { model: "cosminexus developer standard 06-00-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer standard 06-02-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "linux enterprise sdk sp1", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "ucosminexus developer professional 06-70-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli netview for z/os", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.0", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.122", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "hp-ux web server suite", scope: "eq", trust: 0.3, vendor: "hp", version: "3.10", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.7", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.4", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0-06(x64))", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.32", }, { model: "ucosminexus developer standard 06-71-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-02", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.6", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.24", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "jndi/ldap", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.2", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.2", }, { model: "db2 fix pack 6a", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "jrockit r27.6.2", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-60", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "cosminexus developer professional 06-02-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus studio web edition", scope: "eq", trust: 0.3, vendor: "hitachi", version: "4", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "tru64 unix 5.1b-5", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.7", }, { model: "cognos powerplay", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "jp1/hicommand provisioning manager )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-90", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4", }, { model: "cosminexus developer standard 06-51-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.25", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-72(*1)", }, { model: "ucosminexus application server enterprise 06-70-/l", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jre 003", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.1", }, { model: "cosminexus application server enterprise 06-51-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-01-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-02", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.10", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.9", }, { model: "cognos executive viewer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.13", }, { model: "cognos real-time monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "cosminexus server web edition 04-01-/a", scope: "eq", trust: 0.3, vendor: "hitachi", version: null, }, { model: "reflection for secure it windows server sp2", scope: "eq", trust: 0.3, vendor: "attachmate", version: "7.0", }, { model: "ucosminexus developer light 06-71-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-11-01", }, { model: "interstage service integrator enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "9.0", }, { model: "tivoli access manager for e-business", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.1", }, { model: "jre 27", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.2", }, { model: "cosminexus developer light 06-00-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-08", }, { model: "tivoli directory server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.014", }, { model: "openvms secure web server", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1-1", }, { model: "cosminexus developer professional 06-02-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer light", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6", }, { model: "open-enterprise-server", scope: "eq", trust: 0.3, vendor: "s u s e", version: "0", }, { model: "tiered storage manager software (solaris(sp", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "cosminexus application server enterprise 06-50-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.011", }, { model: "global link manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.6-00", }, { model: "jrockit r27.6.3", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "cosminexus developer light 06-51-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk update14", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "cosminexus application server 05-02-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.5", }, { model: "tivoli directory server 6.2.0.3-tiv-itds-if0", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "reflection for secure it unix client sp1", scope: "ne", trust: 0.3, vendor: "attachmate", version: "7.2", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.121", }, { model: "processing kit for xml 02-05-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "processing kit for xml 02-00-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "enterprise linux desktop", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "cosminexus developer professional 06-51-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-70-/o", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus application server standard 06-72-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50", }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1.1-03", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.28", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-01", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "replication manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-00", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1.1-03(x64))", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-02", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-06", }, { model: "cosminexus developer standard 06-51-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "it operations analyzer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "02-53", }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-90", }, { model: "cognos banking risk performance", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-01", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-12", }, { model: "reflection for secure it unix client sp1", scope: "eq", trust: 0.3, vendor: "attachmate", version: "7.0", }, { model: "ucosminexus developer standard 06-71-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "openvms secure web server", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "jre 004", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.2", }, { model: "cosminexus developer standard 06-51-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "virtualcenter update 6a", scope: "eq", trust: 0.3, vendor: "vmware", version: "2.5", }, { model: "websphere datapower xc10 appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.0.0", }, { model: "cosminexus application server enterprise )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-02", }, { model: "cosminexus developer 05-00-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer professional 06-00-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-10", }, { model: "tivoli storage productivity center for replication", scope: "ne", trust: 0.3, vendor: "ibm", version: "4.2.1.4", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-70", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "device manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "reflection for the web r3 build", scope: "eq", trust: 0.3, vendor: "attachmate", version: "2008527", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-01", }, { model: "processing kit for xml 02-05-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jre 17", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.3", }, { model: "cosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6", }, { model: "tivoli federated identity manager", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.2.14", }, { model: "jre 1.5.0 09", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "03-50", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.10", }, { model: "enterprise linux ws extras", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { model: "jp1/cm2/snmp system observer )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "09-00", }, { model: "business availability center", scope: "eq", trust: 0.3, vendor: "hp", version: "7.55", }, { model: "jp1/hicommand tiered storage manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "linux enterprise server", scope: "eq", trust: 0.3, vendor: "suse", version: "9", }, { model: "esx server", scope: "eq", trust: 0.3, vendor: "vmware", version: "3.0.3", }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20", }, { model: "enterprise linux es extras", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { model: "tivoli netcool performance manager for wireless", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.010", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-90", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-05", }, { model: "jp1/cm2/network node manager i advanced", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.7", }, { model: "systems insight manager update", scope: "eq", trust: 0.3, vendor: "hp", version: "5.31", }, { model: "cosminexus application server 05-00-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus developer standard 06-71-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.26", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10", }, { model: "ucosminexus application server standard 06-70-/b )", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer 05-05-/m", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-01", }, { model: "sdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4.223", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.123", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-09", }, { model: "interstage application server enterprise edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "5.0.1", }, { model: "ucosminexus application server enterprise 06-72-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-05", }, { model: "cosminexus application server standard 06-50-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jre 003", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "ucosminexus operator", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-01", }, { model: "db2 fixpack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.72", }, { model: "provisioning manager software (linux(sles", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "vcenter update manager update", scope: "ne", trust: 0.3, vendor: "vmware", version: "4.12", }, { model: "jdk 05", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "enterprise server", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "ucosminexus application server standard 06-71-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "processing kit for xml 01-05-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-09", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-03-03", }, { model: "cosminexus developer standard 06-00-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer professional 06-51-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.116", }, { model: "jp1/cm2/network node manager starter ed enterprise solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-00-03", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-01", }, { model: "ucosminexus application server enterprise hp-ux", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-01", }, { model: "cosminexus client 06-02-/g", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk update16", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "jp1/cm2/network node manager starter edition )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-00", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-09", }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "ucosminexus application server standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-09", }, { model: "tiered storage manager software (linux(sles", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.3", }, { model: "sdk .0 01", scope: "eq", trust: 0.3, vendor: "sun", version: "1.4", }, { model: "cosminexus developer professional 06-50-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus developer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-00", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.4", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-01", }, { model: "cosminexus developer light 06-00-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli netcool performance manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.020", }, { model: "enterprise linux as for sap", scope: "eq", trust: 0.3, vendor: "redhat", version: "4", }, { model: "cosminexus studio", scope: "eq", trust: 0.3, vendor: "hitachi", version: "5", }, { model: "db2 fixpak", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.54", }, { model: "cosminexus developer standard 06-02-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-03(x64))", }, { model: "cosminexus developer standard 06-51-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-51", }, { model: "tivoli composite application manager for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "system storage ds8700", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-10", }, { model: "cosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-00", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.33", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-02", }, { model: "cosminexus studio web edition", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-04-00", }, { model: "interstage service integrator enterprise edition 9.0.0a", scope: null, trust: 0.3, vendor: "fujitsu", version: null, }, { model: "cosminexus application server standard 06-51-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli directory server 6.3.0.0-tiv-itds-if0", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.05", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "cosminexus studio", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-00", }, { model: "jre .0 03", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0", }, { model: "cosminexus developer standard 06-00-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cognos business viewpoint", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.113", }, { model: "websphere datapower xc10 appliance", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.0.5", }, { model: "cosminexus application server enterprise 06-51-/b (linux(", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-03-03", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.14", }, { model: "tivoli integrated portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.114", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "jdk 19", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "cosminexus developer professional 06-50-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-01-/i", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "interstage software quality analyzer 10.0.0a", scope: null, trust: 0.3, vendor: "fujitsu", version: null, }, { model: "cosminexus application server standard )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-02", }, { model: "ucosminexus developer professional", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-02", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-00-05", }, { model: "cosminexus application server 05-00-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "it operations analyzer", scope: "ne", trust: 0.3, vendor: "hitachi", version: "02-53-01", }, { model: "cosminexus developer professional 06-50-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/integrated management service support", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-0", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.15", }, { model: "jdk 003", scope: "eq", trust: 0.3, vendor: "sun", version: "1.1.8", }, { model: "cosminexus application server 05-01-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cognos decisionstream", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-10-01", }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-60", }, { model: "jp1/hicommand tuning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-00", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.34", }, { model: "jp1/automatic job management system web operation assistant", scope: "eq", trust: 0.3, vendor: "hitachi", version: "2-0", }, { model: "cosminexus application server 05-01-/l", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.25", }, { model: "jre 19", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.1", }, { model: "ucosminexus application server standard 06-70-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "reflection for secure it windows server", scope: "eq", trust: 0.3, vendor: "attachmate", version: "6.0", }, { model: "cosminexus application server", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-02", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.001", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.13", }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "cosminexus application server 05-00-/o", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-00-/h", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.402", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0", }, { model: "systems insight manager sp6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-20-01", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.016", }, { model: "cognos business intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "network node manager i", scope: "eq", trust: 0.3, vendor: "hp", version: "9.00", }, { model: "ucosminexus service architect", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-03-03", }, { model: "ucosminexus developer light 06-71-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server enterprise 06-51-/j", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/cm2/network node manager starter edition pa-risc", scope: "eq", trust: 0.3, vendor: "hitachi", version: "25008-00-03", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.1", }, { model: "jdk 1.5.0 07-b03", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "cosminexus application server standard 06-51-/b (linux(", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server standard 06-50-/b )", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.1", }, { model: "interstage application server standard-j edition", scope: "eq", trust: 0.3, vendor: "fujitsu", version: "8.0.2", }, { model: "jre 16", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.1", }, { model: "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc", scope: "eq", trust: 0.3, vendor: "hitachi", version: "08-00", }, { model: "cosminexus application server 05-05-/n", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.8", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-07", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "7.0.6", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "jboss enterprise portal platform 4.3.cp06", scope: null, trust: 0.3, vendor: "redhat", version: null, }, { model: "ucosminexus developer standard", scope: "eq", trust: 0.3, vendor: "hitachi", version: "06-70", }, { model: "enterprise linux sap", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3", }, { model: "jp1/hicommand provisioning manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "cosminexus developer standard 06-02-/a", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-05-/p", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jp1/hicommand replication monitor", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-50", }, { model: "jre 03", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3", }, { model: "tivoli netview", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.5", }, { model: "cosminexus developer professional 06-51-/b", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "openvms secure web server", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2-2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "cosminexus application server enterprise 06-51-/f", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus application server 05-00-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "replication manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-01", }, { model: "cosminexus developer 05-05-/k", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "cosminexus server web edition", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-04-00", }, { model: "jp1/hicommand global link availability manager", scope: "eq", trust: 0.3, vendor: "hitachi", version: "05-04", }, { model: "cosminexus developer light 06-50-/d", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.1", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.29", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.2.1", }, { model: "jdk update22", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.4", }, { model: "ucosminexus application server enterprise", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-09", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.109", }, { model: "jdk update15", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "5.0", }, { model: "cosminexus developer 05-01-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "6.0.11", }, { model: "jboss enterprise web platform for rhel 4es", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "cosminexus developer 05-01-/e", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.3.110", }, { model: "enterprise linux desktop workstation client", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "provisioning manager software (solaris(sp", scope: "ne", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "jdk 1.4.2 10", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "cosminexus developer standard 06-02-/c", scope: null, trust: 0.3, vendor: "hitachi", version: null, }, { model: "esx update", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.11", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.0.28", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-00(x64))", }, { model: "tomcat", scope: "eq", trust: 0.3, vendor: "apache", version: "5.5.10", }, { model: "db2 fixpack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.57", }, { model: "it operations analyzer", scope: "eq", trust: 0.3, vendor: "hitachi", version: "02-01", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "9.10", }, { model: "ucosminexus client", scope: "eq", trust: 0.3, vendor: "hitachi", version: "07-50-01", }, ], sources: [ { db: "BID", id: "46091", }, { db: "JVNDB", id: "JVNDB-2011-000018", }, { db: "JVNDB", id: "JVNDB-2011-000017", }, { db: "JVNDB", id: "JVNDB-2011-001185", }, { db: "NVD", id: "CVE-2010-4476", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:*:update_23:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.6.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:*:update_23:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.6.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:*:update27:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_26:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_27:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_24:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_25:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:1.4.2_28:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.4.2_29", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:*:update27:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.4.2_29", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2010-4476", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "121037", }, { db: "PACKETSTORM", id: "114812", }, { db: "PACKETSTORM", id: "101334", }, { db: "PACKETSTORM", id: "100414", }, { db: "PACKETSTORM", id: "112826", }, ], trust: 0.5, }, cve: "CVE-2010-4476", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2010-4476", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "IPA", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2011-000018", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "IPA", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2011-000017", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2010-4476", trust: 1.8, value: "MEDIUM", }, { author: "IPA", id: "JVNDB-2011-000018", trust: 0.8, value: "Medium", }, { author: "IPA", id: "JVNDB-2011-000017", trust: 0.8, value: "Medium", }, { author: "VULMON", id: "CVE-2010-4476", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2010-4476", }, { db: "JVNDB", id: "JVNDB-2011-000018", }, { db: "JVNDB", id: "JVNDB-2011-000017", }, { db: "JVNDB", id: "JVNDB-2011-001185", }, { db: "NVD", id: "CVE-2010-4476", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: \" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability.\"A remote attacker may cause a denial-of-service (DoS). plural Oracle Product Java Runtime Environment Components include Java language and APIs There are vulnerabilities that affect availability due to flaws in the handling of.Service disruption by a third party (DoS) An attack may be carried out. Oracle Java is prone to a remote denial-of-service vulnerability. \nSuccessful attacks will cause applications written in Java to hang, creating a denial-of-service condition. \nThis issue affects both the Java compiler and Runtime Environment. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n < 1.6.0.29 >= 1.6.0.29 *\n 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities to cause\nunspecified impact, possibly including remote execution of arbitrary\ncode. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \">=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. \n\nNNMi Version / Operating System\n Required Patch\n Hotfix\n\n9.1x HP-UX\n Patch 4\n Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip\n\n9.1x Linux\n Patch 4\n Hotfix-NNMi-9.1xP4-Linux-JDK-20120523.zip\n\n9.1x Solaris\n Patch 4\n Hotfix-NNMi-9.1xP4-Solaris-JDK-20120523.zip\n\n9.1x Windows\n Patch 4\n Hotfix-NNMi-9.1xP4-Windows-JDK-20120523.zip\n\nNote: The hotfix must be installed after the required patch. The hotfix must\nbe reinstalled if the required patch is reinstalled. \n\nMANUAL ACTIONS: Yes - Update\n\nInstall the applicable patch and hotfix. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. Summary:\n\nUpdated java-1.6.0-ibm packages that fix several security issues are now\navailable for Red Hat Network Satellite 5.4.1 for Red Hat\nEnterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Network Satellite Server 5.4 (RHEL v.5) - i386, s390x, x86_64\n\n3. In\na typical operating environment, these are of low security risk as the\nruntime is not used on untrusted applets. Detailed vulnerability descriptions are linked from the IBM\n\"Security alerts\" page, listed in the References section. (CVE-2009-3555,\nCVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550,\nCVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557,\nCVE-2010-3558, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,\nCVE-2010-3566, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572,\nCVE-2010-3573, CVE-2010-3574, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448,\nCVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465,\nCVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4471, CVE-2010-4473,\nCVE-2010-4475, CVE-2010-4476)\n\nUsers of Red Hat Network Satellite 5.4.1 are advised to upgrade to these\nupdated java-1.6.0-ibm packages, which contain the IBM 1.6.0 SR9-FP1 Java\nrelease. For this update to take effect, Red Hat Network Satellite must be\nrestarted. Refer to the Solution section for details. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\nRun the following command to restart the Red Hat Network Satellite\nserver:\n\n# rhn-satellite restart\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation\n582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)\n639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)\n639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)\n639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813)\n639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)\n639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)\n639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489)\n639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)\n642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)\n642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)\n642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)\n642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)\n642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)\n642558 - CVE-2010-3555 JDK unspecified vulnerability in Deployment component\n642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component\n642573 - CVE-2010-3560 JDK unspecified vulnerability in Networking component\n642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component\n642585 - CVE-2010-3571 JDK unspecified vulnerability in 2D component\n642589 - CVE-2010-3563 JDK unspecified vulnerability in Deployment component\n642593 - CVE-2010-3558 JDK unspecified vulnerability in Java Web Start component\n642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component\n674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service\n675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662)\n676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453)\n676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922)\n677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component\n677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component\n677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component\n677960 - CVE-2010-4467 JDK unspecified vulnerability in Deployment component\n677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component\n677963 - CVE-2010-4463 JDK unspecified vulnerability in Deployment component\n677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component\n677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component\n677968 - CVE-2010-4452 JDK unspecified vulnerability in Deployment component\n677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component\n677971 - CVE-2010-4422 JDK unspecified vulnerability in Deployment component\n\n6. Package List:\n\nRed Hat Network Satellite Server 5.4 (RHEL v.5):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.src.rpm\n\ni386:\njava-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.i386.rpm\njava-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.i386.rpm\n\ns390x:\njava-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.s390x.rpm\njava-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.s390x.rpm\n\nx86_64:\njava-1.6.0-ibm-1.6.0.9.1-1jpp.1.el5.x86_64.rpm\njava-1.6.0-ibm-devel-1.6.0.9.1-1jpp.1.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2009-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-1321.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3541.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3562.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3563.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3565.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3566.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3568.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3569.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3571.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3572.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3573.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-3574.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4422.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4447.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4448.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4452.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4454.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4462.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4463.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4465.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4466.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4467.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4468.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4471.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4473.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4475.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4476.html\nhttps://access.redhat.com/security/updates/classification/#low\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n\nFor more information see vulnerability #1 in:\nSA43262\n\nPlease see the vendor's advisory for the list of affected products. \n\nSOLUTION:\nUpdate to a fixed version. Please see the vendor's advisory for more\ndetails. ----------------------------------------------------------------------\n\n\nGet a tax break on purchases of Secunia Solutions!\n\nIf you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at:\nhttp://secunia.com/products/corporate/vim/section_179/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nSun Java JDK / JRE / SDK \"doubleValue()\" Denial of Service\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA43262\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43262/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=43262\n\nRELEASE DATE:\n2011-02-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43262/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43262/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=43262\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nKonstantin Preiber has reported a vulnerability in Sun Java, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an error in the \"doubleValue()\"\nmethod in FloatingDecimal.java when converting\n\"2.2250738585072012e-308\" from a string type to a double precision\nbinary floating point and can be exploited to cause an infinite\nloop. \n* Sun JDK 5.0 Update 27 and prior. \n* Sun SDK 1.4.2_29 and prior. \n\nSOLUTION:\nApply patch via the FPUpdater tool. \n\nPROVIDED AND/OR DISCOVERED BY:\nKonstantin Preiber\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html\n\nKonstantin Preiber:\nhttp://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02746026\nVersion: 1\n\nHPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-04-12\nLast Updated: 2011-04-12\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). \n\nReferences: CVE-2010-4476\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nAny version of Java running on HP Network Node Manager i (NNMi) v8.1x and v9.0x for HP-UX, Linux, Solaris, and Windows\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made two methods available to resolve the vulnerability. Customers can request hotfixes or use the FPupdater tool. \n\nHotfixes\n\nCustomers can request the following hotfixes by contacting the normal HP Services support channel. \n\nNNMi Version\n JDK\n Hotfix Number\n\nNNMi 9.0x\n JDK b\n QCCR1B87492\n\nNNMi 9.0x\n JDK nnm\n QCCR1B87433\n\nNNMi 8.1x\n JDK b\n QCCR1B87492\n\nNNMi 8.1x\n JDK nnm (nms on Windows)\n QCCR1B87491\n\nFPUpdater (Floating Point Updater)\n\nThe FPupdater tool can be used instead of applying hotfixes. \n\nTo download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool\n\nNote: NNMi has two JDKs to be updated. Before running the FPUpdater tool set the shell environment variable JRE_HOME as follows:\n\nNNMi Version\n JDK\n JRE_HOME for HP-UX, Linux, Solaris\n JRE_HOME for Windows\n\nNNMi 9.x\n JDK b\n /opt/OV/nonOV/jdk/b/jre\n {install_dir}\\nonOV\\jdk\\b\\jre\n\nNNMi 9.x\n JDK nnm\n /opt/OV/nonOV/jdk/nnm/jre\n {install_dir}\\nonOV\\jdk\\nnm\\jre\n\nNNMi 8.1x\n JDK b\n /opt/OV/nonOV/jdk/b/jre\n {install_dir}\\nonOV\\jdk\\b\\jre\n\nNNMi 8.1x\n JDK nnm (nms on Windows)\n /opt/OV/nonOV/jdk/nnm/jre\n {install_dir}\\nonOV\\jdk\\nms\\jre\n\nMANUAL ACTIONS: Yes - Update\n\nInstall the appropriate hotfix or update using FPUpdater\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS (for HP-UX)\n\nFor HP-UX NNM 8.x and v9.x\n\nHP-UX B.11.31\nHP-UX B.11.23 (IA)\n=============\nHPOvNNM.HPNMSJBOSS\naction: install the appropriate hotfix or update using FPUpdater\n\nEND AFFECTED VERSIONS (for HP-UX)\n\nHISTORY\nVersion:1 (rev.1) - 12 April 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber's choice for Business: sign-in. \nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing & Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk2kX5sACgkQ4B86/C0qfVnGRwCgot7NFjfw2O2zBn2uPX3Q/SVW\nAewAoNWFcOq802uOl0MpL1CHVvxYZMNf\n=g6I8\n-----END PGP SIGNATURE-----\n. \nThe updates are available from: http://www.hp.com/go/java\n\nThese issues are addressed in the following versions of the HP Java:\n\nHP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent\n\nMANUAL ACTIONS: Yes - Update\n\nFor Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent", sources: [ { db: "NVD", id: "CVE-2010-4476", }, { db: "JVNDB", id: "JVNDB-2011-000018", }, { db: "JVNDB", id: "JVNDB-2011-000017", }, { db: "JVNDB", id: "JVNDB-2011-001185", }, { db: "BID", id: "46091", }, { db: "VULMON", id: "CVE-2010-4476", }, { db: "PACKETSTORM", id: "121037", }, { db: "PACKETSTORM", id: "106640", }, { db: "PACKETSTORM", id: "127267", }, { db: "PACKETSTORM", id: "114812", }, { db: "PACKETSTORM", id: "102374", }, { db: "PACKETSTORM", id: "101468", }, { db: "PACKETSTORM", id: "101334", }, { db: "PACKETSTORM", id: "98322", }, { db: "PACKETSTORM", id: "100414", }, { db: "PACKETSTORM", id: "112826", }, ], trust: 4.32, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=35304", trust: 0.1, type: "exploit", }, ], sources: [ { db: "VULMON", id: "CVE-2010-4476", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2010-4476", trust: 4.7, }, { db: "SECUNIA", id: "43295", trust: 2.7, }, { db: "SECTRACK", id: "1025062", trust: 2.7, }, { db: "SECUNIA", id: "43304", trust: 1.9, }, { db: "SECUNIA", id: "43280", trust: 1.9, }, { db: "JVN", id: "JVN97334690", trust: 1.6, }, { db: "JVN", id: "JVN26301278", trust: 1.6, }, { db: "HITACHI", id: "HS11-003", trust: 1.4, }, { db: "BID", id: "46091", trust: 1.2, }, { db: "SECUNIA", id: "43400", trust: 1.1, }, { db: "SECUNIA", id: "45022", trust: 1.1, }, { db: "SECUNIA", id: "43333", trust: 1.1, }, { db: "SECUNIA", id: "43048", trust: 1.1, }, { db: "SECUNIA", id: "44954", trust: 1.1, }, { db: "SECUNIA", id: "45555", trust: 1.1, }, { db: "SECUNIA", id: "43659", trust: 1.1, }, { db: "SECUNIA", id: "43378", trust: 1.1, }, { db: "SECUNIA", id: "49198", trust: 1.1, }, { db: "VUPEN", id: "ADV-2011-0605", trust: 1.1, }, { db: "VUPEN", id: "ADV-2011-0422", trust: 1.1, }, { db: "VUPEN", id: "ADV-2011-0434", trust: 1.1, }, { db: "VUPEN", id: "ADV-2011-0365", trust: 1.1, }, { db: "VUPEN", id: "ADV-2011-0377", trust: 1.1, }, { db: "VUPEN", id: "ADV-2011-0379", trust: 1.1, }, { db: "SECUNIA", id: "43262", trust: 1, }, { db: "JVNDB", id: "JVNDB-2011-000018", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2011-000017", trust: 0.8, }, { db: "JVN", id: "JVN16308183", trust: 0.8, }, { db: "SECUNIA", id: "44303", trust: 0.8, }, { db: "SECUNIA", id: "43194", trust: 0.8, }, { db: "SECUNIA", id: "43198", trust: 0.8, }, { db: "VUPEN", id: "ADV-2011-0405", trust: 0.8, }, { db: "VUPEN", id: "ADV-2011-0339", trust: 0.8, }, { db: "VUPEN", id: "ADV-2011-1051", trust: 0.8, }, { db: "VUPEN", id: "ADV-2011-0294", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2011-001185", trust: 0.8, }, { db: "HITACHI", id: "HS11-008", trust: 0.4, }, { db: "HITACHI", id: "HS11-009", trust: 0.3, }, { db: "HITACHI", id: "HS11-010", trust: 0.3, }, { db: "SECUNIA", id: "44576", trust: 0.2, }, { db: "EXPLOIT-DB", id: "35304", trust: 0.1, }, { db: "VULMON", id: "CVE-2010-4476", trust: 0.1, }, { db: "PACKETSTORM", id: "121037", trust: 0.1, }, { db: "PACKETSTORM", id: "106640", trust: 0.1, }, { db: "PACKETSTORM", id: "127267", trust: 0.1, }, { db: "PACKETSTORM", id: "114812", trust: 0.1, }, { db: "PACKETSTORM", id: "102374", trust: 0.1, }, { db: "PACKETSTORM", id: "101468", trust: 0.1, }, { db: "PACKETSTORM", id: "101334", trust: 0.1, }, { db: "PACKETSTORM", id: "98322", trust: 0.1, }, { db: "PACKETSTORM", id: "100414", trust: 0.1, }, { db: "PACKETSTORM", id: "112826", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2010-4476", }, { db: "BID", id: "46091", }, { db: "JVNDB", id: "JVNDB-2011-000018", }, { db: "JVNDB", id: "JVNDB-2011-000017", }, { db: "JVNDB", id: "JVNDB-2011-001185", }, { db: "PACKETSTORM", id: "121037", }, { db: "PACKETSTORM", id: "106640", }, { db: "PACKETSTORM", id: "127267", }, { db: "PACKETSTORM", id: "114812", }, { db: "PACKETSTORM", id: "102374", }, { db: "PACKETSTORM", id: "101468", }, { db: "PACKETSTORM", id: "101334", }, { db: "PACKETSTORM", id: "98322", }, { db: "PACKETSTORM", id: "100414", }, { db: "PACKETSTORM", id: "112826", }, { db: "NVD", id: "CVE-2010-4476", }, ], }, id: "VAR-201102-0280", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.30688400400000004, }, last_update_date: "2024-07-22T22:50:51.905000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "HPSBMU02769 SSRT100846", trust: 2.4, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03298151", }, { title: "NV18-002", trust: 2.4, url: "http://jpn.nec.com/security-info/secinfo/nv18-002.html", }, { title: "1462019", trust: 1.6, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21462019", }, { title: "1462146", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21462146", }, { title: "1462136", trust: 0.8, url: "http://www.ibm.com/support/docview.wss?uid=swg21462136", }, { title: "PM31983", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1pm31983", }, { title: "IZ94423", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94423", }, { title: "security-5.html#Not_a_vulnerability_in_Tomcat", trust: 0.8, url: "http://tomcat.apache.org/security-5.html#not_a_vulnerability_in_tomcat", }, { title: "security-6.html#Not_a_vulnerability_in_Tomcat", trust: 0.8, url: "http://tomcat.apache.org/security-6.html#not_a_vulnerability_in_tomcat", }, { title: "security-7.html#Not_a_vulnerability_in_Tomcat", trust: 0.8, url: "http://tomcat.apache.org/security-7.html#not_a_vulnerability_in_tomcat", }, { title: "1066244", trust: 0.8, url: "http://svn.apache.org/viewvc?view=revision&revision=1066244", }, { title: "1066315", trust: 0.8, url: "http://svn.apache.org/viewvc?view=revision&revision=1066315", }, { title: "1066318", trust: 0.8, url: "http://svn.apache.org/viewvc?view=revision&revision=1066318", }, { title: "HT4562", trust: 0.8, url: "http://support.apple.com/kb/ht4562", }, { title: "HT4563", trust: 0.8, url: "http://support.apple.com/kb/ht4563", }, { title: "HT4562", trust: 0.8, url: "http://support.apple.com/kb/ht4562?viewlocale=ja_jp", }, { title: "HT4563", trust: 0.8, url: "http://support.apple.com/kb/ht4563?viewlocale=ja_jp", }, { title: "tomcat5-5.5.23-0jpp.17.0.1.AXS3", trust: 0.8, url: "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1382", }, { title: "HPUXWSATW233", trust: 0.8, url: "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxwsatw233", }, { title: "HPUXWSATW315", trust: 0.8, url: "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxwsatw315", }, { title: "HS11-008", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-008/index.html", }, { title: "HS11-009", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-009/index.html", }, { title: "HS11-010", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-010/index.html", }, { title: "HS11-003", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-003/index.html", }, { title: "HPSBUX02685", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c02775276", }, { title: "HPSBUX02642", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c02746026", }, { title: "HPSBUX02633", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c02729756", }, { title: "HPSBUX02641", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c02738573", }, { title: "HPSBUX02645", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c02752210", }, { title: "HPSBTU02684", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c02826781", }, { title: "1469482", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21469482", }, { title: "1468197", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468197", }, { title: "javacpufeb2011-304611", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", }, { title: "cpuapr2011-301950", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", }, { title: "alert-cve-2010-4476-305811", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html", }, { title: "RHSA-2011:0336", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2011-0336.html", }, { title: "RHSA-2011:0214", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2011-0214.html", }, { title: "RHSA-2011:0282", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2011-0282.html", }, { title: "RHSA-2011:0335", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2011-0335.html", }, { title: "security_alert_for_cve-2010-44", trust: 0.8, url: "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html", }, { title: "april_2011_critical_patch_upda", trust: 0.8, url: "http://blogs.oracle.com/security/2011/04/april_2011_critical_patch_upda.html", }, { title: "VMSA-2011-0013", trust: 0.8, url: "http://www.vmware.com/jp/support/support-resources/advisories/vmsa-2011-0013.html", }, { title: "HS11-008", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-008/index.html", }, { title: "HS11-009", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-009/index.html", }, { title: "HS11-010", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-010/index.html", }, { title: "HS11-003", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-003/index.html", }, { title: "interstage_as_201101", trust: 0.8, url: "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201101.html", }, { title: "Debian Security Advisories: DSA-2161-1 openjdk-6 -- denial of service", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=8a0fbd8ef02c50b965cd7461fe7f588d", }, { title: "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-1079-3", }, { title: "Ubuntu Security Notice: openjdk-6 vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-1079-1", }, { title: "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-1079-2", }, { title: "VMware Security Advisories: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=31eb28d4d81f5dda33b13bdc58dfe8fb", }, ], sources: [ { db: "VULMON", id: "CVE-2010-4476", }, { db: "JVNDB", id: "JVNDB-2011-000018", }, { db: "JVNDB", id: "JVNDB-2011-000017", }, { db: "JVNDB", id: "JVNDB-2011-001185", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-189", trust: 1.6, }, { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "CWE-DesignError", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2011-000018", }, { db: "JVNDB", id: "JVNDB-2011-000017", }, { db: "JVNDB", id: "JVNDB-2011-001185", }, { db: "NVD", id: "CVE-2010-4476", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.7, url: "http://secunia.com/advisories/43295", }, { trust: 2.7, url: "http://www.securitytracker.com/id?1025062", }, { trust: 2.4, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476", }, { trust: 2.4, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4476", }, { trust: 1.9, url: "http://secunia.com/advisories/43280", }, { trust: 1.9, url: "http://secunia.com/advisories/43304", }, { trust: 1.5, url: "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", }, { trust: 1.4, url: "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", }, { trust: 1.4, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-003/index.html", }, { trust: 1.2, url: "http://security.gentoo.org/glsa/glsa-201406-32.xml", }, { trust: 1.1, url: "http://www.redhat.com/support/errata/rhsa-2011-0214.html", }, { trust: 1.1, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1pm31983", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053926.html", }, { trust: 1.1, url: "http://www.debian.org/security/2011/dsa-2161", }, { trust: 1.1, url: "http://www.redhat.com/support/errata/rhsa-2011-0282.html", }, { trust: 1.1, url: "http://secunia.com/advisories/43400", }, { trust: 1.1, url: "http://www.vupen.com/english/advisories/2011/0422", }, { trust: 1.1, url: "http://www.redhat.com/support/errata/rhsa-2011-0211.html", }, { trust: 1.1, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94423", }, { trust: 1.1, url: "http://www.vupen.com/english/advisories/2011/0434", }, { trust: 1.1, url: "http://www.redhat.com/support/errata/rhsa-2011-0213.html", }, { trust: 1.1, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468358", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053934.html", }, { trust: 1.1, url: "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715&admit=109447627+1298159618320+28353475", }, { trust: 1.1, url: "http://www.vupen.com/english/advisories/2011/0365", }, { trust: 1.1, url: "http://secunia.com/advisories/43378", }, { trust: 1.1, url: "http://www.vupen.com/english/advisories/2011/0379", }, { trust: 1.1, url: "http://www.redhat.com/support/errata/rhsa-2011-0212.html", }, { trust: 1.1, url: "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html", }, { trust: 1.1, url: "http://www.vupen.com/english/advisories/2011/0377", }, { trust: 1.1, url: "http://www.redhat.com/support/errata/rhsa-2011-0210.html", }, { trust: 1.1, url: "http://blog.fortify.com/blog/2011/02/08/double-trouble", }, { trust: 1.1, url: "http://secunia.com/advisories/43048", }, { trust: 1.1, url: "http://secunia.com/advisories/43333", }, { trust: 1.1, url: "http://www.redhat.com/support/errata/rhsa-2011-0334.html", }, { trust: 1.1, url: "http://www.redhat.com/support/errata/rhsa-2011-0333.html", }, { trust: 1.1, url: "http://secunia.com/advisories/45555", }, { trust: 1.1, url: "http://www.ibm.com/support/docview.wss?uid=swg24029498", }, { trust: 1.1, url: "http://www.ibm.com/support/docview.wss?uid=swg24029497", }, { trust: 1.1, url: "http://www.redhat.com/support/errata/rhsa-2011-0880.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=130514352726432&w=2", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2011:054", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=131041767210772&w=2", }, { trust: 1.1, url: "http://www.vupen.com/english/advisories/2011/0605", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=129960314701922&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html", }, { trust: 1.1, url: "http://secunia.com/advisories/43659", }, { trust: 1.1, url: "http://secunia.com/advisories/44954", }, { trust: 1.1, url: "http://secunia.com/advisories/45022", }, { trust: 1.1, url: "http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5098550.html", }, { trust: 1.1, url: "http://secunia.com/advisories/49198", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=132215163318824&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=134254957702612&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=130270785502599&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=130497185606818&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=130497132406206&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=129899347607632&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=133728004526190&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=130168502603566&w=2", }, { trust: 1.1, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19493", }, { trust: 1.1, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14589", }, { trust: 1.1, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14328", }, { trust: 1.1, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12745", }, { trust: 1.1, url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12662", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=134254866602253&w=2", }, { trust: 0.9, url: "http://www.securityfocus.com/bid/46091", }, { trust: 0.8, url: "http://jvn.jp/en/jp/jvn97334690/index.html", }, { trust: 0.8, url: "http://jvn.jp/en/jp/jvn26301278/index.html", }, { trust: 0.8, url: "http://jvn.jp/jp/jvn97334690/index.html", }, { trust: 0.8, url: "http://jvn.jp/cert/jvnvu584356/index.html", }, { trust: 0.8, url: "http://jvn.jp/jp/jvn16308183/index.html", }, { trust: 0.8, url: "http://jvn.jp/jp/jvn26301278/index.html", }, { trust: 0.8, url: "http://jvn.jp/tr/jvntr-2011-02", }, { trust: 0.8, url: "http://secunia.com/advisories/43198", }, { trust: 0.8, url: "http://secunia.com/advisories/43262", }, { trust: 0.8, url: "http://secunia.com/advisories/44303", }, { trust: 0.8, url: "http://secunia.com/advisories/43194", }, { trust: 0.8, url: "http://www.vupen.com/english/advisories/2011/0294", }, { trust: 0.8, url: "http://www.vupen.com/english/advisories/2011/0339", }, { trust: 0.8, url: "http://www.vupen.com/english/advisories/2011/1051", }, { trust: 0.8, url: "http://www.vupen.com/english/advisories/2011/0405", }, { trust: 0.6, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468884", }, { trust: 0.6, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21469222", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4476", }, { trust: 0.5, url: "https://www.hp.com/go/swa", }, { trust: 0.4, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-008/index.html", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4448", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg24030795", }, { trust: 0.3, url: "http://www.novell.com/support/viewcontent.do?externalid=7008129", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=swg21509635", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=swg21468287", }, { trust: 0.3, url: "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxfpupdater", }, { trust: 0.3, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02752210", }, { trust: 0.3, url: "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03090723&ac.admitted=1321942068127.876444892.492883150", }, { trust: 0.3, url: "http://www.novell.com/support/viewcontent.do?externalid=7009249", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21469285", }, { trust: 0.3, url: "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201101e.html", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=ssg1s1003877", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg1oa35932", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24029090", }, { trust: 0.3, url: "http://support.attachmate.com/techdocs/1704.html", }, { trust: 0.3, url: "http://java.sun.com", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468728", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24032592", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21474615", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg24029498", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg24029497", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=swg24029827", }, { trust: 0.3, url: "/archive/1/516213", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21469074", }, { trust: 0.3, url: "http://support.avaya.com/css/p8/documents/100127618", }, { trust: 0.3, url: "http://support.avaya.com/css/p8/documents/100128342", }, { trust: 0.3, url: "http://support.avaya.com/css/p8/documents/100131812", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21469482", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21469001", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21469261", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468267", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21508061", }, { trust: 0.3, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02906075", }, { trust: 0.3, url: "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715", }, { trust: 0.3, url: "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02738573", }, { trust: 0.3, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587", }, { trust: 0.3, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-009/index.html", }, { trust: 0.3, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-010/index.html", }, { trust: 0.3, url: "http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas2a5e8722f285b693586257837004234f7", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas239097234bdef0f0086257837004234ff", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas2e3651fd2836659b88625783700423505", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas2bbd9eef75e33a6ec862578370042350b", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas24394745ae41518b88625783700423513", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas274b0e6114eba807a8625783700423519", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas22c04013ef2a6aba98625783700423520", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21468291", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94331", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21469266", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=swg21469046", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21469229", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468927", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg24029823", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468987", }, { trust: 0.3, url: "https://rhn.redhat.com/errata/rhsa-2011-0334.html", }, { trust: 0.3, url: "https://rhn.redhat.com/errata/rhsa-2011-0333.html", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468915", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468912", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21469042", }, { trust: 0.3, url: "http://support.attachmate.com/techdocs/2566.html", }, { trust: 0.3, url: "http://support.attachmate.com/techdocs/2564.html", }, { trust: 0.3, url: "http://support.attachmate.com/techdocs/2560.html", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468521", }, { trust: 0.3, url: "http://www.novell.com/support/viewcontent.do?externalid=7008485", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21468705", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=isg400000547", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24033364", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24032885", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg24029766", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg24029768", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24029502", }, { trust: 0.3, url: "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.3, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.3, url: "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3562", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3568", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3541", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3566", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3569", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3573", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3548", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3549", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3565", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3574", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4422", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3553", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3551", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3557", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4465", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4469", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4454", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4447", }, { trust: 0.3, url: "https://www.hp.com/go/java", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3563", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3560", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471", }, { trust: 0.2, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3567", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3556", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3550", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3558", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3572", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3571", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3554", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3555", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558", }, { trust: 0.2, url: "http://security.gentoo.org/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3561", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389", }, { trust: 0.2, url: "https://bugs.gentoo.org.", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4470", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3555", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4450", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4467", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4452", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0815", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0814", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4462", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0862", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4475", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4473", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0802", }, { trust: 0.2, url: "http://secunia.com/products/corporate/evm/", }, { trust: 0.2, url: "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/", }, { trust: 0.2, url: "http://secunia.com/advisories/secunia_security_advisories/", }, { trust: 0.2, url: "http://secunia.com/vulnerability_scanning/personal/", }, { trust: 0.2, url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org", }, { trust: 0.2, url: "http://secunia.com/advisories/about_secunia_advisories/", }, { trust: 0.2, url: "http://www.itrc.hp.com/service/cki/secbullarchive.do", }, { trust: 0.2, url: "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc", }, { trust: 0.2, url: "http://h30046.www3.hp.com/subsignin.php", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://www.debian.org/security/./dsa-2161", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.exploit-db.com/exploits/35304/", }, { trust: 0.1, url: "https://usn.ubuntu.com/1079-3/", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=22468", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-2204", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-0033", }, { trust: 0.1, url: "https://h20392.www2.hp.com/portal", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3548", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-2526", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-2902", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3718", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-4858", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3190", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-0580", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-2693", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-0781", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-2227", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2012-0022", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2008-5515", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-1184", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-0783", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2012-5885", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0013", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-1157", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-2729", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3559", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3552", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3570", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473", }, { trust: 0.1, url: "http://security.gentoo.org/glsa/glsa-201111-02.xml", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-2783", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3564", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-2548", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-3860", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4351", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4474", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0817", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4468", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4471", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4466", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0786", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4463", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0788", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4451", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-4472", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3550.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3568.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3574.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3556.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4468.html", }, { trust: 0.1, url: "https://access.redhat.com/kb/docs/doc-11259", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3548.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3563.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4476.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3551.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3560.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-1321.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3569.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4447.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3558.html", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#low", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4452.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3549.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4462.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3566.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4422.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3571.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4475.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4473.html", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "http://www.ibm.com/developerworks/java/jdk/alerts/", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3572.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2009-3555.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3573.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3541.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4463.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4454.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-1321", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3562.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4448.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4467.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4471.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4465.html", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/#package", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-4466.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3557.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3565.html", }, { trust: 0.1, url: "http://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3555.html", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2010-3553.html", }, { trust: 0.1, url: "https://rhn.redhat.com/errata/rhsa-2011-0880.html", }, { trust: 0.1, url: "http://twitter.com/secunia", }, { trust: 0.1, url: "http://www.facebook.com/secunia", }, { trust: 0.1, url: "http://secunia.com/advisories/44576/", }, { trust: 0.1, url: "http://secunia.com/advisories/44576/#comments", }, { trust: 0.1, url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=44576", }, { trust: 0.1, url: "http://secunia.com/products/corporate/vim/section_179/", }, { trust: 0.1, url: "http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645", }, { trust: 0.1, url: "http://secunia.com/advisories/43262/", }, { trust: 0.1, url: "http://secunia.com/advisories/43262/#comments", }, { trust: 0.1, url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=43262", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3549", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0865", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3563", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0864", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3545", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3560", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3552", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2012-0499", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3389", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3556", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3557", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3548", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0867", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-0871", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-3547", }, ], sources: [ { db: "VULMON", id: "CVE-2010-4476", }, { db: "BID", id: "46091", }, { db: "JVNDB", id: "JVNDB-2011-000018", }, { db: "JVNDB", id: "JVNDB-2011-000017", }, { db: "JVNDB", id: "JVNDB-2011-001185", }, { db: "PACKETSTORM", id: "121037", }, { db: "PACKETSTORM", id: "106640", }, { db: "PACKETSTORM", id: "127267", }, { db: "PACKETSTORM", id: "114812", }, { db: "PACKETSTORM", id: "102374", }, { db: "PACKETSTORM", id: "101468", }, { db: "PACKETSTORM", id: "101334", }, { db: "PACKETSTORM", id: "98322", }, { db: "PACKETSTORM", id: "100414", }, { db: "PACKETSTORM", id: "112826", }, { db: "NVD", id: "CVE-2010-4476", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2010-4476", }, { db: "BID", id: "46091", }, { db: "JVNDB", id: "JVNDB-2011-000018", }, { db: "JVNDB", id: "JVNDB-2011-000017", }, { db: "JVNDB", id: "JVNDB-2011-001185", }, { db: "PACKETSTORM", id: "121037", }, { db: "PACKETSTORM", id: "106640", }, { db: "PACKETSTORM", id: "127267", }, { db: "PACKETSTORM", id: "114812", }, { db: "PACKETSTORM", id: "102374", }, { db: "PACKETSTORM", id: "101468", }, { db: "PACKETSTORM", id: "101334", }, { db: "PACKETSTORM", id: "98322", }, { db: "PACKETSTORM", id: "100414", }, { db: "PACKETSTORM", id: "112826", }, { db: "NVD", id: "CVE-2010-4476", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2011-02-17T00:00:00", db: "VULMON", id: "CVE-2010-4476", }, { date: "2011-02-01T00:00:00", db: "BID", id: "46091", }, { date: "2011-03-04T00:00:00", db: "JVNDB", id: "JVNDB-2011-000018", }, { date: "2011-03-04T00:00:00", db: "JVNDB", id: "JVNDB-2011-000017", }, { date: "2011-03-08T00:00:00", db: "JVNDB", id: "JVNDB-2011-001185", }, { date: "2013-04-01T15:55:00", db: "PACKETSTORM", id: "121037", }, { date: "2011-11-06T01:01:42", db: "PACKETSTORM", id: "106640", }, { date: "2014-06-30T23:39:28", db: "PACKETSTORM", id: "127267", }, { date: "2012-07-17T21:49:22", db: "PACKETSTORM", id: "114812", }, { date: "2011-06-17T12:57:44", db: "PACKETSTORM", id: "102374", }, { date: "2011-05-16T06:02:35", db: "PACKETSTORM", id: "101468", }, { date: "2011-05-12T01:01:50", db: "PACKETSTORM", id: "101334", }, { date: "2011-02-09T03:30:06", db: "PACKETSTORM", id: "98322", }, { date: "2011-04-14T16:30:05", db: "PACKETSTORM", id: "100414", }, { date: "2012-05-17T21:16:37", db: "PACKETSTORM", id: "112826", }, { date: "2011-02-17T19:00:01.900000", db: "NVD", id: "CVE-2010-4476", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-10-30T00:00:00", db: "VULMON", id: "CVE-2010-4476", }, { date: "2015-04-13T21:31:00", db: "BID", id: "46091", }, { date: "2018-02-07T00:00:00", db: "JVNDB", id: "JVNDB-2011-000018", }, { date: "2018-02-07T00:00:00", db: "JVNDB", id: "JVNDB-2011-000017", }, { date: "2018-02-07T00:00:00", db: "JVNDB", id: "JVNDB-2011-001185", }, { date: "2018-10-30T16:26:21.390000", db: "NVD", id: "CVE-2010-4476", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "46091", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "IBM Lotus vulnerable to denial-of-service (DoS)", sources: [ { db: "JVNDB", id: "JVNDB-2011-000018", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Boundary Condition Error", sources: [ { db: "BID", id: "46091", }, ], trust: 0.3, }, }
var-201503-0052
Vulnerability from variot
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. OpenSSL is prone to remote memory-corruption vulnerability. Note: This issue was previously discussed in BID 73196 (OpenSSL Multiple Unspecified Security Vulnerabilities) but has been given its own record to better document it. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied.
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2015-0286
Stephen Henson discovered that the ASN1_TYPE_cmp() function
can be crashed, resulting in denial of service.
CVE-2015-0287
Emilia Kaesper discovered a memory corruption in ASN.1 parsing.
CVE-2015-0292
It was discovered that missing input sanitising in base64 decoding
might result in memory corruption.
CVE-2015-0209
It was discovered that a malformed EC private key might result in
memory corruption.
CVE-2015-0288
It was discovered that missing input sanitising in the
X509_to_X509_REQ() function might result in denial of service.
For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u16. Please review the CVE identifiers and the upstream advisory referenced below for details:
- RSA silently downgrades to EXPORT_RSA [Client] (Reclassified) (CVE-2015-0204)
- Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
- ASN.1 structure reuse memory corruption (CVE-2015-0287)
- X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
- PKCS7 NULL pointer dereferences (CVE-2015-0289)
- Base64 decode (CVE-2015-0292)
- DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
- Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
The following issues affect OpenSSL 1.0.2 only which is not part of the supported Gentoo stable tree:
- OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
- Multiblock corrupted pointer (CVE-2015-0290)
- Segmentation fault in DTLSv1_listen (CVE-2015-0207)
- Segmentation fault for invalid PSS parameters (CVE-2015-0208)
- Empty CKE with client auth and DHE (CVE-2015-1787)
- Handshake with unseeded PRNG (CVE-2015-0285)
Impact
A remote attacker can utilize multiple vectors to cause Denial of Service or Information Disclosure. Tools such as revdep-rebuild may assist in identifying some of these packages.
References
[ 1 ] CVE-2015-0204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204 [ 2 ] CVE-2015-0207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207 [ 3 ] CVE-2015-0208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208 [ 4 ] CVE-2015-0209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209 [ 5 ] CVE-2015-0285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285 [ 6 ] CVE-2015-0287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287 [ 7 ] CVE-2015-0288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288 [ 8 ] CVE-2015-0289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289 [ 9 ] CVE-2015-0290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290 [ 10 ] CVE-2015-0291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291 [ 11 ] CVE-2015-0292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292 [ 12 ] CVE-2015-0293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293 [ 13 ] CVE-2015-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787 [ 14 ] OpenSSL Security Advisory [19 Mar 2015] http://openssl.org/news/secadv_20150319.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015] =======================================
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
Severity: High
If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was was reported to OpenSSL on 26th February 2015 by David Ramos of Stanford University. The fix was developed by Stephen Henson and Matt Caswell of the OpenSSL development team.
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: High
This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high".
This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.
Multiblock corrupted pointer (CVE-2015-0290)
Severity: Moderate
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in DTLSv1_listen (CVE-2015-0207)
Severity: Moderate
The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a.
This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.
Segmentation fault for invalid PSS parameters (CVE-2015-0208)
Severity: Moderate
The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a
This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.
Base64 decode (CVE-2015-0292)
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base 64 data could trigger a segmenation fault or memory corruption. This was addressed in previous versions of OpenSSL but has not been included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1), 84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team) in March 2015 and the fix was developed by Emilia Käsper.
Empty CKE with client auth and DHE (CVE-2015-1787)
Severity: Moderate
If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Handshake with unseeded PRNG (CVE-2015-0285)
Severity: Low
Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.
For example using the following command with an unseeded openssl will succeed on an unpatched platform:
openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References:
CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:06.openssl Security Advisory The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib Module: openssl Announced: 2015-03-19 Affects: All supported versions of FreeBSD. Corrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE) 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7) 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE) 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11) 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE) 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking, which enables representation of objects that are independent of machine-specific encoding technique.
II. [CVE-2015-0293]
III. [CVE-2015-0209]
A remote attacker who is able to send specifically crafted certificates may be able to crash an OpenSSL client or server. [CVE-2015-0287]
An attacker may be able to crash applications that create a new certificate request with subject name the same as in an existing, specifically crafted certificate.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch
fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc
gpg --verify openssl-0.9.8.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc
gpg --verify openssl-1.0.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as described in .
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r280266 releng/8.4/ r280268 stable/9/ r280266 releng/9.3/ r280268 stable/10/ r280266 releng/10.1/ r280268
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.2 (FreeBSD)
iQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns hhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp jhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy R7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C 3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln rL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H t3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs x/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu 5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH sLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq CgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd UQg3YfrXHDlxCsqEzN7o =wi0T -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz 706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz 2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz 0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz 54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Slackware 14.1 packages: c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz 25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Slackware -current packages: 0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz
Slackware x86_64 -current packages: 99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz 9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0052", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0o", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1k", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0p", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0q", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "lte", trust: 1, vendor: "openssl", version: "0.9.8ze", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.2", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "0.9.8 thats all 0.9.8zf", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.0 thats all 1.0.0r", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.1 thats all 1.0.1m", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.2 thats all 1.0.2a", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10 to 10.10.3", }, { model: "enterprise manager", scope: "lt", trust: 0.8, vendor: "oracle", version: "ops center 12.1.4", }, { model: "enterprise manager", scope: "eq", trust: 0.8, vendor: "oracle", version: "ops center 12.2.0", }, { model: "enterprise manager", scope: "eq", trust: 0.8, vendor: "oracle", version: "ops center 12.2.1", }, { model: "enterprise manager", scope: "eq", trust: 0.8, vendor: "oracle", version: "ops center 12.3.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle business intelligence enterprise edition 11.1.1.7", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle business intelligence enterprise edition 11.1.1.9", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.4.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.5.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.6.1.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle exalogic infrastructure 2.0.6.2", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "2.1", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "2.1 sp1", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "2.1 sp2", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "3.0", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "agent 8.0", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "agent 8.0 2007 update release 2", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 10.0", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r1", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r2", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r3", }, { model: "csview", scope: "eq", trust: 0.8, vendor: "nec", version: "/web questionnaire", }, { model: "enterprisedirectoryserver", scope: "eq", trust: 0.8, vendor: "nec", version: "ver8.0", }, { model: "enterpriseidentitymanager", scope: "eq", trust: 0.8, vendor: "nec", version: "ver2.0 to 8.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "/sg series intersecvm/sg v1.2", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v3.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v3.1", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v4.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "/sg series sg3600lm/lg/lj v6.1", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v6.2", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v7.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v7.1", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "v8.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "/sg series univerge sg3000lg/lj", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "/sigmablade em card (n8405-019/019a/043) firmware rev.14.02 before", }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "hs series", }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "nv7400/nv5400/nv3400 series", }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "nv7500/nv5500/nv3500 series", }, { model: "ix2000 series", scope: "eq", trust: 0.8, vendor: "nec", version: "ver.8.7.22 all subsequent", }, { model: "ix3000 series", scope: "eq", trust: 0.8, vendor: "nec", version: "ver.8.7.22 all subsequent", }, { model: "secureware/pki application development kit", scope: "eq", trust: 0.8, vendor: "nec", version: "ver3.0", }, { model: "secureware/pki application development kit", scope: "eq", trust: 0.8, vendor: "nec", version: "ver3.01", }, { model: "secureware/pki application development kit", scope: "eq", trust: 0.8, vendor: "nec", version: "ver3.02", }, { model: "secureware/pki application development kit", scope: "eq", trust: 0.8, vendor: "nec", version: "ver3.1", }, { model: "systemdirector enterprise", scope: "eq", trust: 0.8, vendor: "nec", version: "for java ( all models ) v5.1 to v7.2", }, { model: "univerge", scope: "eq", trust: 0.8, vendor: "nec", version: "3c cmm", }, { model: "univerge", scope: "eq", trust: 0.8, vendor: "nec", version: "3c ucm v8.5.4 before", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "enterprise edition v4.2 to v6.5", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "standard edition v4.2 to v6.5", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "standard-j edition v4.1 to v6.5", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "uddi registry v1.1 to v7.1", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "web edition v4.1 to v6.5", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "enterprise edition v7.1", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "enterprise v8.2 to v9.2", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "express v8.2 to v9.2", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "foundation v8.2 to v8.5", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard edition v7.1", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard v8.2 to v9.2", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard-j edition v7.1 to v8.1", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "web edition v7.1 to v8.1", }, { model: "webotx enterprise service bus", scope: "eq", trust: 0.8, vendor: "nec", version: "v6.4 to v9.2", }, { model: "webotx portal", scope: "eq", trust: 0.8, vendor: "nec", version: "v8.2 to v9.1", }, { model: "webotx sip application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard edition v7.1 to v8.1", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator agent ver3.3 to ver4.1", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator manager ver3.2.2 to ver4.1", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator probe option ver3.1.0.x to ver4.1.0.x", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "jobcenter r14.1", }, { model: "system management homepage", scope: "ne", trust: 0.6, vendor: "hp", version: "7.5", }, { model: "system management homepage", scope: "eq", trust: 0.6, vendor: "hp", version: "7.4", }, { model: "big-ip apm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.1", }, { model: "hp-ux b.11.23 (11i", scope: "eq", trust: 0.3, vendor: "hp", version: "v2)", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "informix genero", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.32", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.1", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "security network controller 1.0.3361m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "algo one ase", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "icewall mcrp sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.211", }, { model: "pureapplication system interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "2.0.0.1", }, { model: "sbr carrier", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "i operating system", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.12", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7", }, { model: "big-ip psm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "tivoli netcool system service monitor fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "big-ip aam", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5", }, { model: "big-ip afm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.1", }, { model: "big-ip gtm hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "big-ip apm hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "big-ip pem hf5", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "informix genero", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.41", }, { model: "big-ip psm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "big-ip webaccelerator hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "big-ip gtm hf4", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "big-ip link controller", scope: "ne", trust: 0.3, vendor: "f5", version: "12.1.0", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "insight orchestration", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "project openssl b", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.2", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.6", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.1", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.5", }, { model: "version control agent", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "big-ip link controller hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "cms", scope: "eq", trust: 0.3, vendor: "avaya", version: "17.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.2", }, { model: "abyp-4tl-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.15", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.2.0", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1209", }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.24", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.4", }, { model: "project openssl 1.0.2a", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager 7.3.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "big-ip afm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.16", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "tivoli netcool/reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "vios fp-25 sp-02", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.4", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.6.1.0.0", }, { model: "big-ip psm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "big-iq device", scope: "eq", trust: 0.3, vendor: "f5", version: "4.5", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.3361", }, { model: "sterling integrator", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "big-ip ltm", scope: "ne", trust: 0.3, vendor: "f5", version: "12.1.0", }, { model: "big-ip analytics hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.1", }, { model: "big-iq device", scope: "eq", trust: 0.3, vendor: "f5", version: "4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.0", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.1", }, { model: "big-ip link controller", scope: "ne", trust: 0.3, vendor: "f5", version: "12.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.842", }, { model: "big-ip edge gateway 11.1.0-hf2", scope: null, trust: 0.3, vendor: "f5", version: null, }, { model: "big-ip asm hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2-77", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "big-ip aam hf9", scope: "ne", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "big-ip edge gateway hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.17", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "big-ip apm hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.1.0", }, { model: "project openssl 1.0.1m", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "big-ip afm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "linerate", scope: "ne", trust: 0.3, vendor: "f5", version: "2.4.2", }, { model: "big-iq adc hf3", scope: "ne", trust: 0.3, vendor: "f5", version: "4.5", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.4", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.3.0", }, { model: "big-ip pem", scope: "ne", trust: 0.3, vendor: "f5", version: "12.0", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "5.0", }, { model: "project openssl 1.0.0r", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system storage san48b-5", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "big-ip psm hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.27", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.11", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.27", }, { model: "big-ip aam", scope: "ne", trust: 0.3, vendor: "f5", version: "12.1.0", }, { model: "sterling connect:express for unix ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11150-11", }, { model: "big-ip asm hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.8", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.1.1", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "2.0", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "qlogic 8gb intelligent pass-thru module & san switch module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.10.1.31.00", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.96", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.0.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.23", }, { model: "big-ip apm hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.5", }, { model: "big-ip ltm hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.2", }, { model: "big-ip analytics", scope: "ne", trust: 0.3, vendor: "f5", version: "12.0", }, { model: "big-ip webaccelerator hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.1", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.1", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.3", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "10.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6.156", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "initiate master data service patient hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "big-ip analytics", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.913", }, { model: "big-ip psm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.13", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "project openssl 1.0.0h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sdk for node.js", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.1.0.13", }, { model: "infosphere guardium database activity monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "infosphere master data management patient hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10", }, { model: "sametime unified telephony", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.10", }, { model: "enterprise manager", scope: "eq", trust: 0.3, vendor: "f5", version: "2.1", }, { model: "big-ip asm hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12", }, { model: "flex system en4023 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4.1", }, { model: "flex system fc5022 16gb san scalable switch 7.2.1c", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.211", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "cognos controller if4", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.10", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.9", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.2", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.4", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.7", }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "big-ip analytics", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.21", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "algo one pcre", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7", }, { model: "aspera ondemand", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5", }, { model: "big-ip analytics hf4", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "big-iq security", scope: "eq", trust: 0.3, vendor: "f5", version: "4.5", }, { model: "big-ip link controller hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.16", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.0.3", }, { model: "big-ip afm", scope: "ne", trust: 0.3, vendor: "f5", version: "12.1.0", }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "abyp-2t-1s-1l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip edge gateway hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.5.3", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.1", }, { model: "security network controller 1.0.3350m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "big-ip link controller hf4", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "big-ip edge gateway 10.2.3-hf1", scope: null, trust: 0.3, vendor: "f5", version: null, }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.3", }, { model: "aspera connect server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.4", }, { model: "icewall sso agent option", scope: "eq", trust: 0.3, vendor: "hp", version: "8.02007", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "websphere mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "big-ip asm hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.213", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "infinity", scope: "ne", trust: 0.3, vendor: "pexip", version: "9.0", }, { model: "big-ip asm", scope: "ne", trust: 0.3, vendor: "f5", version: "12.1.0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1", }, { model: "tssc/imc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "totalstorage san256b director model m48", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "abyp-2t-1s-1l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.1", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "big-ip afm", scope: "ne", trust: 0.3, vendor: "f5", version: "12.0", }, { model: "big-ip wom", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.68", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "13.2", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "abyp-10g-2sr-2lr-1-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "security network protection", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.102", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.2", }, { model: "big-ip pem", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.4", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.3", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.4", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "8.0", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "big-ip afm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "enterprise manager", scope: "eq", trust: 0.3, vendor: "f5", version: "3.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "big-ip psm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "big-ip aam", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15-210", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.01", }, { model: "big-ip gtm hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "abyp-2t-2s-0l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "security proventia network enterprise scanner", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "powerkvm", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "big-ip pem", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "big-ip pem", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.1", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3.1", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "big-ip analytics hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "aspera connect server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "big-ip ltm hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "tivoli netcool system service monitor fp2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.1", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.08", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.9.1", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "big-ip pem hf9", scope: "ne", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12.201", }, { model: "big-ip ltm hf2", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.95", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.06", }, { model: "big-ip gtm hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.3", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "1.0", }, { model: "cognos controller fp3 if2", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "big-ip analytics", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.4", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.4", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.11", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.8.0", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "security network controller 1.0.3379m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.6", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "abyp-0t-4s-0l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "algo one aggregation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.9", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "big-ip link controller hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.0.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "hp-ux b.11.11 (11i", scope: "eq", trust: 0.3, vendor: "hp", version: "v1)", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "big-ip edge gateway 11.0.0-hf2", scope: null, trust: 0.3, vendor: "f5", version: null, }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.2", }, { model: "system storage san384b", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.15", }, { model: "system storage san80b-4", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "abyp-4ts-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.07", }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "big-ip edge gateway hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "flex system fc5022 16gb san scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "sterling connect:express for unix ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.5.0.11150-11", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "infosphere master data management provider hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "big-ip apm hf2", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.3", }, { model: "big-ip aam", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.0", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "algo one ase", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.9", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.1", }, { model: "abyp-10g-4lr-1-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "abyp-10g-4lr-1-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2.127", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.1", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.10", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.02", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.9", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "sterling connect:express for unix ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.4.6.1146-109", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "big-ip aam", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.07", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "big-ip asm hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-ip analytics", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0.0", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.1.0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "aspera orchestrator", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.2.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.1", }, { model: "automation stratix", scope: "ne", trust: 0.3, vendor: "rockwell", version: "590015.6.3", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1768", }, { model: "big-ip psm hf4", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "big-ip gtm hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "big-iq device hf3", scope: "ne", trust: 0.3, vendor: "f5", version: "4.5", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "algo one mag", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7", }, { model: "abyp-0t-0s-4l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.11", }, { model: "big-ip apm hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aspera proxy", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.2.2", }, { model: "abyp-4t-0s-0l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1-73", }, { model: "big-ip psm hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "algo audit and compliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "aspera connect server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.5", }, { model: "big-ip asm hf4", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "cognos insight", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.2.4", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.4", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "big-ip psm hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "aspera enterprise server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.4", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "flex system fc5022 16gb san scalable switch 7.3.0a", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "abyp-0t-2s-2l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.41", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "integration bus", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.21", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "7", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "messagesight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0-14", }, { model: "big-ip gtm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.4", }, { model: "automation stratix", scope: "eq", trust: 0.3, vendor: "rockwell", version: "59000", }, { model: "big-ip link controller hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "sametime community server hf1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "project openssl 0.9.8ze", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.2", }, { model: "big-ip edge gateway hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.04", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.2", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.5", }, { model: "big-ip webaccelerator hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "project openssl 1.0.0o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli workload scheduler for applications fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.5", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.2", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "big-ip gtm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.1", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.7.1", }, { model: "big-ip afm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5", }, { model: "sametime community server limited use", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.02", }, { model: "system storage san04b-r", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "hp-ux b.11.31 (11i", scope: "eq", trust: 0.3, vendor: "hp", version: "v3)", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "big-ip link controller hf2", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.3", }, { model: "big-ip ltm", scope: "ne", trust: 0.3, vendor: "f5", version: "12.0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "big-ip link controller hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.20", }, { model: "big-ip edge gateway hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "big-ip analytics hf9", scope: "ne", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.2", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "idp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12.1", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.40", }, { model: "abyp-0t-2s-2l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "aspera enterprise server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.2", }, { model: "ctpos 7.0r4", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "big-ip analytics hf5", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14", }, { model: "abyp-2t-0s-2l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.32", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.211", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15210", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8", }, { model: "big-ip psm hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.9.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.64", }, { model: "abyp-10g-4sr-1-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "big-ip webaccelerator hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-ip gtm hf2", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.3", }, { model: "security network controller 1.0.3352m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "alienvault", scope: "ne", trust: 0.3, vendor: "alienvault", version: "5.0", }, { model: "flex system en4023 10gb scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.16", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "big-ip gtm hf9", scope: "ne", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.14", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.14", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.13", }, { model: "big-ip analytics 11.0.0-hf2", scope: null, trust: 0.3, vendor: "f5", version: null, }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.03", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "junos space", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.740", }, { model: "icewall sso dfw r2", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "big-ip afm hf4", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "ddos secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "big-ip aam", scope: "ne", trust: 0.3, vendor: "f5", version: "12.0", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "4.0", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.411", }, { model: "infosphere master data management standard/advanced edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.0", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.213", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.3.0", }, { model: "big-ip asm hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.0", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.17", }, { model: "big-ip analytics hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "system storage san42b-r", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "big-ip analytics hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.3", }, { model: "tivoli netcool system service monitor fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.9.2", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.3", }, { model: "big-ip ltm hf5", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "big-ip edge gateway hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "big-ip apm hf5", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.2.0", }, { model: "big-ip apm hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-ip apm", scope: "ne", trust: 0.3, vendor: "f5", version: "12.0", }, { model: "algo one pcre", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.9", }, { model: "ringmaster appliance", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "big-iq security hf3", scope: "ne", trust: 0.3, vendor: "f5", version: "4.5", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.28", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.13", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "big-ip analytics", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.21", }, { model: "sterling connect:express for unix ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6.1146-108", }, { model: "big-ip psm hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "aspera enterprise server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.5.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "big-ip link controller", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.4", }, { model: "cognos controller fp1 if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.0.0", }, { model: "icewall sso dfw", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0", }, { model: "big-ip pem", scope: "eq", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "project openssl a", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "vgw", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "big-ip apm hf9", scope: "ne", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "big-ip analytics", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.1", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.4", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.010", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "project openssl c", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "6.0", }, { model: "big-ip apm hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.41", }, { model: "infosphere guardium for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "icewall sso agent option", scope: "eq", trust: 0.3, vendor: "hp", version: "8", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "big-ip link controller hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-ip link controller", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.1", }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1.0", }, { model: "abyp-10g-4sr-1-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.33", }, { model: "src series", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "openssh for gpfs", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "big-ip ltm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.4", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "initiate master data service provider hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.0.1", }, { model: "icewall sso dfw", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.3.0", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "3.0", }, { model: "big-ip edge gateway 11.1.0-hf3", scope: null, trust: 0.3, vendor: "f5", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.26", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2.106", }, { model: "big-ip wom", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "infosphere master data management standard/advanced edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.1", }, { model: "virtual connect enterprise manager sdk", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "big-ip pem hf2", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.3", }, { model: "systems insight manager sp3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "big-ip asm", scope: "ne", trust: 0.3, vendor: "f5", version: "12.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.1.0", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.3", }, { model: "abyp-0t-4s-0l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip analytics", scope: "eq", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.1.1", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.03", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.6", }, { model: "big-ip psm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "big-ip link controller hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-iq cloud", scope: "eq", trust: 0.3, vendor: "f5", version: "4.0", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.2", }, { model: "big-ip ltm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.1", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.5", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.3", }, { model: "big-ip link controller hf5", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.5.1.1", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.0.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14.20", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.7", }, { model: "big-ip apm hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.760", }, { model: "aspera drive", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.2.1", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "system storage san768b", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip gtm hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.0", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "big-ip link controller hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.1.3", }, { model: "informix genero", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.50", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15.1", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.210", }, { model: "security network protection", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "big-ip analytics", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5", }, { model: "system networking san24b-5", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.0.0", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.14", }, { model: "i operating systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.0.2", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "security network controller 1.0.3381m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "7", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.9.0", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "tivoli netcool system service monitor fp14", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "project openssl d", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "algo one mag", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.8", }, { model: "websphere message broker", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.9", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "tssc/imc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "big-ip aam", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.1", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "big-ip asm hf9", scope: "ne", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1.730", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "sterling connect:direct for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.2", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "linerate", scope: "ne", trust: 0.3, vendor: "f5", version: "2.4", }, { model: "big-ip analytics hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-iq adc", scope: "eq", trust: 0.3, vendor: "f5", version: "4.5", }, { model: "screenos", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.6", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.801", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.5", }, { model: "big-ip gtm hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "big-ip webaccelerator hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "system storage san768b-2", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system storage san06b-r", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "pureapplication system", scope: "ne", trust: 0.3, vendor: "ibm", version: "2.1.0.1", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.80", }, { model: "big-ip link controller hf9", scope: "ne", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "big-ip gtm hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "encryption switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "initiate master data service provider hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "big-ip aam hf5", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "big-ip link controller 11.1.0-hf3", scope: null, trust: 0.3, vendor: "f5", version: null, }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.0.1", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.2", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.0", }, { model: "big-ip wom", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.5", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "big-ip link controller hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1", }, { model: "aspera proxy", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.2.3", }, { model: "big-ip asm hf5", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.03", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.143", }, { model: "cognos controller fp1 if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "version control repository manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.8.1.0", }, { model: "big-ip asm hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "big-ip aam", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.3", }, { model: "big-ip afm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.4", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.3.4", }, { model: "project openssl 1.0.1j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1.0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "tivoli workload scheduler for applications fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "abyp-0t-0s-4l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.132", }, { model: "big-ip psm hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "initiate master data service patient hub", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "big-ip edge gateway 11.0.0-hf1", scope: null, trust: 0.3, vendor: "f5", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.14", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0", }, { model: "sterling connect:direct for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.14", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.1", }, { model: "big-ip wom", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "big-ip asm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.4", }, { model: "big-ip afm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.1", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.13", }, { model: "abyp-2t-2s-0l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.1", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "abyp-4tl-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.3.3", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.3381", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1.104", }, { model: "big-ip pem", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.2", }, { model: "big-ip pem", scope: "ne", trust: 0.3, vendor: "f5", version: "12.1.0", }, { model: "nsm", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "abyp-4ts-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.11", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "icewall mcrp sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "big-ip apm hf4", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "qlogic 8gb intelligent pass-thru module & san switch module", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.10.1.35.00", }, { model: "infosphere guardium database activity monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5", }, { model: "project openssl 1.0.0p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.12", }, { model: "big-ip asm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "big-ip analytics hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.09", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3", }, { model: "big-ip psm hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "pulse secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "big-ip wom", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "system storage san24b-4", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.7", }, { model: "big-ip asm hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "big-ip apm hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "abyp-10g-2sr-2lr-1-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "big-ip analytics", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.14", }, { model: "systems insight manager sp6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1.73", }, { model: "big-ip gtm hf5", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "big-ip analytics", scope: "ne", trust: 0.3, vendor: "f5", version: "11.6.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "big-ip link controller 11.1.0-hf2", scope: null, trust: 0.3, vendor: "f5", version: null, }, { model: "big-ip analytics", scope: "ne", trust: 0.3, vendor: "f5", version: "12.1.0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.0.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.1.3", }, { model: "project openssl 0.9.8zc", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.13", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "big-ip webaccelerator hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "icewall sso agent option update rele", scope: "eq", trust: 0.3, vendor: "hp", version: "8.02007", }, { model: "system storage san40b-4", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "system networking san96b-5", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.25", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1.1", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1", }, { model: "big-ip linerate", scope: "eq", trust: 0.3, vendor: "f5", version: "2.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0", }, { model: "big-ip webaccelerator hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.34", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1841", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.3376", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.4", }, { model: "messagesight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.010", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "messagesight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "abyp-4t-0s-0l-p", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip apm hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "flex system fc5022 16gb san scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.3.1", }, { model: "project openssl 0.9.8zd", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.23", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.4", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.11", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "11.6", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.1", }, { model: "big-ip analytics hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "icewall sso dfw r3", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.179", }, { model: "project openssl 1.0.1k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.2", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.010", }, { model: "informix genero", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.40", }, { model: "big-ip psm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1.0", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.2", }, { model: "junos os", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "big-ip asm hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.2", }, { model: "big-iq security", scope: "eq", trust: 0.3, vendor: "f5", version: "4.0", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "project openssl e", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "big-ip analytics hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "10.0.1", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1", }, { model: "big-ip ltm hf9", scope: "ne", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.3.2", }, { model: "big-ip wom", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "enterprise manager", scope: "eq", trust: 0.3, vendor: "f5", version: "2.3", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.2.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "version control agent", scope: "ne", trust: 0.3, vendor: "hp", version: "7.3.5", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "system storage san384b-2", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.5", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.7", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "big-ip asm hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.212", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.0", }, { model: "big-ip psm hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "6", }, { model: "infosphere master data management standard/advanced edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.4", }, { model: "big-ip asm hf2", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.3", }, { model: "big-ip gtm hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.01", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "sterling b2b integrator", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "big-ip wom hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "big-ip psm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1", }, { model: "big-ip apm hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "ctpos 6.6r1", scope: null, trust: 0.3, vendor: "juniper", version: null, }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.11", }, { model: "icewall mcrp", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "sametime unified telephony", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.2.0", }, { model: "big-ip analytics hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "big-ip apm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.841", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.12", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.13", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "big-ip pem", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.103", }, { model: "big-ip gtm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.12", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.12", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.4", }, { model: "big-ip wom hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-ip gtm hf15", scope: "ne", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "security network controller 1.0.3376m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.9", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.9", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "security network controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.3379", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "big-ip link controller", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "big-ip link controller hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "big-ip analytics hf2", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.7", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "big-ip gtm hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.0.121", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "10.0.1", }, { model: "big-ip aam", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.4", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "big-ip psm hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-iq cloud", scope: "eq", trust: 0.3, vendor: "f5", version: "4.5", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.9", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2", }, { model: "rational clearcase", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.2", }, { model: "enterprise manager", scope: "eq", trust: 0.3, vendor: "f5", version: "3.1.1", }, { model: "project openssl 0.9.8zf", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "big-ip analytics", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "session border controller for enterprise", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.0", }, { model: "sonas", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.10", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "flex system fc5022 16gb san scalable switch 7.2.0d5", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "big-ip pem hf4", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "icewall mcrp", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.1", }, { model: "abyp-2t-0s-2l-p-m", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "big-ip edge gateway hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1", }, { model: "big-ip ltm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "rational clearquest", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.7", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "big-ip apm", scope: "ne", trust: 0.3, vendor: "f5", version: "11.5.4", }, { model: "project openssl 1.0.1l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.750", }, { model: "initiate master data service", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "big-ip edge gateway hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "big-ip aam", scope: "eq", trust: 0.3, vendor: "f5", version: "11.6.0", }, { model: "systems insight manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "i operating system", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "project openssl 1.0.0q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "7.0", }, { model: "algo one core", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "project openssl 0.9.8u", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "ctpos 6.6r2", scope: null, trust: 0.3, vendor: "juniper", version: null, }, { model: "big-ip psm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1", }, { model: "big-ip psm hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cognos controller fp1 if2", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "big-ip asm", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.1", }, { model: "project openssl 1.0.0a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "icewall sso dfw r1", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, ], sources: [ { db: "BID", id: "73239", }, { db: "JVNDB", id: "JVNDB-2015-001879", }, { db: "NVD", id: "CVE-2015-0209", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.9.8ze", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-0209", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "BoringSSL project", sources: [ { db: "BID", id: "73239", }, ], trust: 0.3, }, cve: "CVE-2015-0209", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2015-0209", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-0209", trust: 1.8, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2015-0209", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2015-0209", }, { db: "JVNDB", id: "JVNDB-2015-001879", }, { db: "NVD", id: "CVE-2015-0209", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. OpenSSL is prone to remote memory-corruption vulnerability. \nNote: This issue was previously discussed in BID 73196 (OpenSSL Multiple Unspecified Security Vulnerabilities) but has been given its own record to better document it. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. This update\nreverts the defective patch applied in that update causing these\nproblems. Additionally a follow-up fix for CVE-2015-0209 is applied. \n\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-0286\n\n Stephen Henson discovered that the ASN1_TYPE_cmp() function\n can be crashed, resulting in denial of service. \n\nCVE-2015-0287\n\n Emilia Kaesper discovered a memory corruption in ASN.1 parsing. \n\nCVE-2015-0292\n\n It was discovered that missing input sanitising in base64 decoding\n might result in memory corruption. \n\nCVE-2015-0209\n\n It was discovered that a malformed EC private key might result in\n memory corruption. \n\nCVE-2015-0288\n\n It was discovered that missing input sanitising in the\n X509_to_X509_REQ() function might result in denial of service. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u16. Please review the\nCVE identifiers and the upstream advisory referenced below for details:\n\n* RSA silently downgrades to EXPORT_RSA [Client] (Reclassified)\n (CVE-2015-0204)\n* Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n* ASN.1 structure reuse memory corruption (CVE-2015-0287)\n* X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n* PKCS7 NULL pointer dereferences (CVE-2015-0289)\n* Base64 decode (CVE-2015-0292)\n* DoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n* Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n\nThe following issues affect OpenSSL 1.0.2 only which is not part of the\nsupported Gentoo stable tree:\n\n* OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n* Multiblock corrupted pointer (CVE-2015-0290)\n* Segmentation fault in DTLSv1_listen (CVE-2015-0207)\n* Segmentation fault for invalid PSS parameters (CVE-2015-0208)\n* Empty CKE with client auth and DHE (CVE-2015-1787)\n* Handshake with unseeded PRNG (CVE-2015-0285)\n\nImpact\n======\n\nA remote attacker can utilize multiple vectors to cause Denial of\nService or Information Disclosure. \nTools such as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2015-0204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204\n[ 2 ] CVE-2015-0207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207\n[ 3 ] CVE-2015-0208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208\n[ 4 ] CVE-2015-0209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209\n[ 5 ] CVE-2015-0285\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285\n[ 6 ] CVE-2015-0287\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287\n[ 7 ] CVE-2015-0288\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288\n[ 8 ] CVE-2015-0289\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289\n[ 9 ] CVE-2015-0290\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290\n[ 10 ] CVE-2015-0291\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291\n[ 11 ] CVE-2015-0292\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292\n[ 12 ] CVE-2015-0293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293\n[ 13 ] CVE-2015-1787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787\n[ 14 ] OpenSSL Security Advisory [19 Mar 2015]\n http://openssl.org/news/secadv_20150319.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201503-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015]\n=======================================\n\nOpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n=====================================================\n\nSeverity: High\n\nIf a client connects to an OpenSSL 1.0.2 server and renegotiates with an\ninvalid signature algorithms extension a NULL pointer dereference will occur. \nThis can be exploited in a DoS attack against the server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was was reported to OpenSSL on 26th February 2015 by David Ramos\nof Stanford University. The fix was developed by Stephen Henson and Matt\nCaswell of the OpenSSL development team. \n\nReclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n============================================================================\n\nSeverity: High\n\nThis security issue was previously announced by the OpenSSL project and\nclassified as \"low\" severity. This severity rating has now been changed to\n\"high\". \n\nThis was classified low because it was originally thought that server RSA\nexport ciphersuite support was rare: a client was only vulnerable to a MITM\nattack against a server which supports an RSA export ciphersuite. Recent\nstudies have shown that RSA export ciphersuites support is far more common. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. It was previously announced in the OpenSSL\nsecurity advisory on 8th January 2015. \n\nMultiblock corrupted pointer (CVE-2015-0290)\n============================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 introduced the \"multiblock\" performance improvement. This feature\nonly applies on 64 bit x86 architecture platforms that support AES NI\ninstructions. A defect in the implementation of \"multiblock\" can cause OpenSSL's\ninternal write buffer to become incorrectly set to NULL when using non-blocking\nIO. Typically, when the user application is using a socket BIO for writing, this\nwill only result in a failed connection. However if some other BIO is used then\nit is likely that a segmentation fault will be triggered, thus enabling a\npotential DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and\nRainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development\nteam. \n\nSegmentation fault in DTLSv1_listen (CVE-2015-0207)\n===================================================\n\nSeverity: Moderate\n\nThe DTLSv1_listen function is intended to be stateless and processes the initial\nClientHello from many peers. It is common for user code to loop over the call to\nDTLSv1_listen until a valid ClientHello is received with an associated cookie. A\ndefect in the implementation of DTLSv1_listen means that state is preserved in\nthe SSL object from one invocation to the next that can lead to a segmentation\nfault. Errors processing the initial ClientHello can trigger this scenario. An\nexample of such an error could be that a DTLS1.0 only client is attempting to\nconnect to a DTLS1.2 only server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSegmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n===================================================\n\nSeverity: Moderate\n\nThe function ASN1_TYPE_cmp will crash with an invalid read if an attempt is\nmade to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check\ncertificate signature algorithm consistency this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered and fixed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nSegmentation fault for invalid PSS parameters (CVE-2015-0208)\n=============================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS\nalgorithm and invalid parameters. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\n\nThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter\nand a fix developed by Stephen Henson of the OpenSSL development team. \n\nASN.1 structure reuse memory corruption (CVE-2015-0287)\n=======================================================\n\nSeverity: Moderate\n\nReusing a structure in ASN.1 parsing may allow an attacker to cause\nmemory corruption via an invalid write. Such reuse is and has been\nstrongly discouraged and is believed to be rare. \n\nApplications that parse structures containing CHOICE or ANY DEFINED BY\ncomponents may be affected. Certificate parsing (d2i_X509 and related\nfunctions) are however not affected. OpenSSL clients and servers are\nnot affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Emilia Käsper and a fix developed by\nStephen Henson of the OpenSSL development team. \n\nPKCS7 NULL pointer dereferences (CVE-2015-0289)\n===============================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing outer ContentInfo correctly. \nAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with\nmissing content and trigger a NULL pointer dereference on parsing. \n\nApplications that verify PKCS#7 signatures, decrypt PKCS#7 data or\notherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was reported to OpenSSL on February 16th 2015 by Michal\nZalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL\ndevelopment team. \n\nBase64 decode (CVE-2015-0292)\n=============================\n\nSeverity: Moderate\n\nA vulnerability existed in previous versions of OpenSSL related to the\nprocessing of base64 encoded data. Any code path that reads base64 data from an\nuntrusted source could be affected (such as the PEM processing routines). \nMaliciously crafted base 64 data could trigger a segmenation fault or memory\ncorruption. This was addressed in previous versions of OpenSSL but has not been\nincluded in any security advisory until now. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 0.9.8 users should upgrade to 0.9.8za. \n\nThe fix for this issue can be identified by commits d0666f289a (1.0.1),\n84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by\nRobert Dugal and subsequently by David Ramos. \n\nDoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n=========================================================\n\nSeverity: Moderate\n\nA malicious client can trigger an OPENSSL_assert (i.e., an abort) in\nservers that both support SSLv2 and enable export cipher suites by sending\na specially crafted SSLv2 CLIENT-MASTER-KEY message. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Sean Burford (Google) and Emilia Käsper\n(OpenSSL development team) in March 2015 and the fix was developed by\nEmilia Käsper. \n\nEmpty CKE with client auth and DHE (CVE-2015-1787)\n==================================================\n\nSeverity: Moderate\n\nIf client auth is used then a server can seg fault in the event of a DHE\nciphersuite being selected and a zero length ClientKeyExchange message being\nsent by the client. This could be exploited in a DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nHandshake with unseeded PRNG (CVE-2015-0285)\n============================================\n\nSeverity: Low\n\nUnder certain conditions an OpenSSL 1.0.2 client can complete a handshake with\nan unseeded PRNG. The conditions are:\n- The client is on a platform where the PRNG has not been seeded automatically,\nand the user has not seeded manually\n- A protocol specific client method version has been used (i.e. not\nSSL_client_methodv23)\n- A ciphersuite is used that does not require additional random data from the\nPRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). \n\nIf the handshake succeeds then the client random that has been used will have\nbeen generated from a PRNG with insufficient entropy and therefore the output\nmay be predictable. \n\nFor example using the following command with an unseeded openssl will succeed on\nan unpatched platform:\n\nopenssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA\n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nUse After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n===============================================================\n\nSeverity: Low\n\nA malformed EC private key file consumed via the d2i_ECPrivateKey function could\ncause a use after free condition. This, in turn, could cause a double\nfree in several private key parsing functions (such as d2i_PrivateKey\nor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption\nfor applications that receive EC private keys from untrusted\nsources. This scenario is considered rare. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by the BoringSSL project and fixed in their commit\n517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nX509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n===================================================\n\nSeverity: Low\n\nThe function X509_to_X509_REQ will crash with a NULL pointer dereference if\nthe certificate key is invalid. This function is rarely used in practice. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Brian Carpenter and a fix developed by Stephen\nHenson of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150319.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la\nng=en-us&cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:06.openssl Security Advisory\n The FreeBSD Project\n\nTopic: Multiple OpenSSL vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-03-19\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE)\n 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7)\n 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE)\n 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11)\n 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE)\n 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25)\nCVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,\n CVE-2015-0289, CVE-2015-0293\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit <URL:https://security.FreeBSD.org/>. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nAbstract Syntax Notation One (ASN.1) is a standard and notation that\ndescribes rules and structures for representing, encoding, transmitting,\nand decoding data in telecommunications and computer networking, which\nenables representation of objects that are independent of machine-specific\nencoding technique. \n\nII. [CVE-2015-0293]\n\nIII. [CVE-2015-0209]\n\nA remote attacker who is able to send specifically crafted certificates\nmay be able to crash an OpenSSL client or server. [CVE-2015-0287]\n\nAn attacker may be able to crash applications that create a new certificate\nrequest with subject name the same as in an existing, specifically crafted\ncertificate. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc\n# gpg --verify openssl-0.9.8.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc\n# gpg --verify openssl-1.0.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch < /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r280266\nreleng/8.4/ r280268\nstable/9/ r280266\nreleng/9.3/ r280268\nstable/10/ r280266\nreleng/10.1/ r280268\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>\n\nVII. References\n\n<URL:https://www.openssl.org/news/secadv_20150319.txt>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293>\n\nThe latest revision of this advisory is available at\n<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:06.openssl.asc>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.2 (FreeBSD)\n\niQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns\nhhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp\njhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy\nR7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C\n3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln\nrL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H\nt3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs\nx/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu\n5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH\nsLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq\nCgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd\nUQg3YfrXHDlxCsqEzN7o\n=wi0T\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz\n706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz\nfe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz\n2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nf8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz\n0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz\ne5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz\n54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz\nbac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\nb4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz\nacac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\nc1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz\nb7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz\n25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz\nb6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz\n\nSlackware x86_64 -current packages:\n99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz\n9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", sources: [ { db: "NVD", id: "CVE-2015-0209", }, { db: "JVNDB", id: "JVNDB-2015-001879", }, { db: "BID", id: "73239", }, { db: "VULMON", id: "CVE-2015-0209", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131023", }, { db: "PACKETSTORM", id: "130916", }, { db: "PACKETSTORM", id: "130933", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130932", }, { db: "PACKETSTORM", id: "131585", }, ], trust: 2.7, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0209", trust: 3, }, { db: "JUNIPER", id: "JSA10680", trust: 1.4, }, { db: "BID", id: "73239", trust: 1.4, }, { db: "SECTRACK", id: "1031929", trust: 1.1, }, { db: "MCAFEE", id: "SB10110", trust: 1.1, }, { db: "SIEMENS", id: "SSA-412672", trust: 1.1, }, { db: "JVN", id: "JVNVU95877131", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-001879", trust: 0.8, }, { db: "ICS CERT", id: "ICSA-17-094-04", trust: 0.4, }, { db: "VULMON", id: "CVE-2015-0209", trust: 0.1, }, { db: "PACKETSTORM", id: "133318", trust: 0.1, }, { db: "PACKETSTORM", id: "131023", trust: 0.1, }, { db: "PACKETSTORM", id: "130916", trust: 0.1, }, { db: "PACKETSTORM", id: "130933", trust: 0.1, }, { db: "PACKETSTORM", id: "133325", trust: 0.1, }, { db: "PACKETSTORM", id: "132763", trust: 0.1, }, { db: "PACKETSTORM", id: "130932", trust: 0.1, }, { db: "PACKETSTORM", id: "131585", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2015-0209", }, { db: "BID", id: "73239", }, { db: "JVNDB", id: "JVNDB-2015-001879", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131023", }, { db: "PACKETSTORM", id: "130916", }, { db: "PACKETSTORM", id: "130933", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130932", }, { db: "PACKETSTORM", id: "131585", }, { db: "NVD", id: "CVE-2015-0209", }, ], }, id: "VAR-201503-0052", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.44373096375000004, }, last_update_date: "2024-07-23T20:49:46.592000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html", }, { title: "HT204942", trust: 0.8, url: "http://support.apple.com/en-us/ht204942", }, { title: "HT204942", trust: 0.8, url: "http://support.apple.com/ja-jp/ht204942", }, { title: "cisco-sa-20150320-openssl", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl", }, { title: "HPSBGN03306 SSRT102007", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04626468", }, { title: "アライドテレシス株式会社からの情報", trust: 0.8, url: "http://jvn.jp/vu/jvnvu95877131/522154/index.html", }, { title: "NV15-015", trust: 0.8, url: "http://jpn.nec.com/security-info/secinfo/nv15-015.html", }, { title: "Fix a failure to NULL a pointer freed on error.", trust: 0.8, url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a", }, { title: "Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)", trust: 0.8, url: "https://www.openssl.org/news/secadv_20150319.txt", }, { title: "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html", }, { title: "Oracle Critical Patch Update Advisory - July 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { title: "Oracle Critical Patch Update Advisory - January 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html", }, { title: "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html", }, { title: "Oracle Critical Patch Update Advisory - October 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { title: "Oracle Solaris Third Party Bulletin - January 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { title: "Bug 1196737", trust: 0.8, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196737", }, { title: "OpenSSL Updates of 19 March 2015", trust: 0.8, url: "https://access.redhat.com/articles/1384453", }, { title: "RHSA-2015:0715", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0715.html", }, { title: "RHSA-2015:0716", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0716.html", }, { title: "RHSA-2015:0752", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0752.html", }, { title: "SA92", trust: 0.8, url: "https://bto.bluecoat.com/security-advisory/sa92", }, { title: "October 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update", }, { title: "July 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update", }, { title: "January 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update", }, { title: "TLSA-2015-12", trust: 0.8, url: "http://www.turbolinux.co.jp/security/2015/tlsa-2015-12j.html", }, { title: "OpenSSLに複数の脆弱性 (19 Mar 2015)", trust: 0.8, url: "http://www.seil.jp/support/security/a01545.html", }, { title: "cisco-sa-20150320-openssl", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/112/1128/1128874_cisco-sa-20150320-openssl-j.html", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2537-1", }, { title: "Amazon Linux AMI: ALAS-2015-498", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-498", }, { title: "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20162957 - security advisory", }, { title: "Tenable Security Advisories: [R6] OpenSSL '20150319' Advisory Affects Tenable Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2015-04", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2a43c5799a7dd07d6c0a92a3b040d12f", }, { title: "Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150320-openssl", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "Symantec Security Advisories: SA92 : OpenSSL Security Advisory 19-Mar-2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=07adc2b6f5910b64efc7296f227b9f10", }, { title: "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=eb059834b7f24e2562bcf592b6d0afbc", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "Oracle: Oracle Critical Patch Update Advisory - January 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=63802a6c83b107c4e6e0c7f9241a66a8", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2015-0209 ", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0209", }, { db: "JVNDB", id: "JVNDB-2015-001879", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-001879", }, { db: "NVD", id: "CVE-2015-0209", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.5, url: "https://www.openssl.org/news/secadv_20150319.txt", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { trust: 1.4, url: "https://support.citrix.com/article/ctx216642", }, { trust: 1.2, url: "https://security.gentoo.org/glsa/201503-11", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/73239", }, { trust: 1.1, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1196737", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152844.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152733.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152734.html", }, { trust: 1.1, url: "http://www.debian.org/security/2015/dsa-3197", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html", }, { trust: 1.1, url: "https://www.freebsd.org/security/advisories/freebsd-sa-15%3a06.openssl.asc", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html", }, { trust: 1.1, url: "http://www.ubuntu.com/usn/usn-2537-1", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1031929", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2015-0716.html", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2015-0752.html", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2015-0715.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142841429220765&w=2", }, { trust: 1.1, url: "https://access.redhat.com/articles/1384453", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156823.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157177.html", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html", }, { trust: 1.1, url: "http://support.apple.com/kb/ht204942", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { trust: 1.1, url: "https://bto.bluecoat.com/security-advisory/sa92", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143213830203296&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2016-1089.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { trust: 1.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10680", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10110", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2016-2957.html", }, { trust: 1.1, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", }, { trust: 1.1, url: "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a", }, { trust: 0.9, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209", }, { trust: 0.8, url: "http://jvn.jp/cert/jvnvu95877131", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0209", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0207", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0285", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0208", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0293", }, { trust: 0.4, url: "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0292", }, { trust: 0.3, url: "http://openssl.org/", }, { trust: 0.3, url: "https://www.alienvault.com/forums/discussion/4885/security-advisory-alienvault-v5-0-", }, { trust: 0.3, url: "https://support.asperasoft.com/entries/93038317-security-bulletin-vulnerabilities-in-openssl", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/apr/37", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/aug/137", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/aug/134", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/aug/136", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005226", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005241", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005254", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21958089", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962334", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098144", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020693", }, { trust: 0.3, url: "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21958903", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963024", }, { trust: 0.3, url: "https://www.openssl.org/news/vulnerabilities.html", }, { trust: 0.3, url: "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-04-16.pdf", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903752", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701028", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963783", }, { trust: 0.3, url: "www-01.ibm.com/support/docview.wss?uid=swg21701256", }, { trust: 0.3, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10680&cat=sirt_1&actp=list", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21882710", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022183", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964164", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903799", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022382", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902449", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902277", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21882644", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21957903", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902544", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21702160", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022367", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883028", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699778", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902519", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020716", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022103", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902673", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883593", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700167", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902433", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005257", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21722409", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700411", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960212", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960210", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21883249", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964410", }, { trust: 0.3, url: "https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16323.html", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964686", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?rs=630&uid=swg21970748", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960588", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960668", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903261", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21694849", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903729", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701326", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701334", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21882955", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0291", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1787", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0290", }, { trust: 0.3, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.2, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/", }, { trust: 0.2, url: "http://www.debian.org/security/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8142", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0231", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3523", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9653", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9705", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0232", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9427", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0273", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9652", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2015-0209", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/2537-1/", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=39581", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7", }, { trust: 0.1, url: "http://www.debian.org/security/faq", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0289", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0293", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0208", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0291", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0209", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0207", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0288", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150319.txt", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1787", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0285", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0292", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0290", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0204", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0287", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "https://www.openssl.org/about/releasestrat.html),", }, { trust: 0.1, url: "https://www.openssl.org/about/secpolicy.html", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490&la", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-1692", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5107", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744", }, { trust: 0.1, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.1, url: "http://www.hp.com/go/smh", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch.asc", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293>", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287>", }, { trust: 0.1, url: "https://svnweb.freebsd.org/base?view=revision&revision=nnnnnn>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286>", }, { trust: 0.1, url: "https://security.freebsd.org/>.", }, { trust: 0.1, url: "https://security.freebsd.org/advisories/freebsd-sa-15:06.openssl.asc>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209>", }, { trust: 0.1, url: "https://www.freebsd.org/handbook/makeworld.html>.", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch", }, { trust: 0.1, url: "https://www.openssl.org/news/secadv_20150319.txt>", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch.asc", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288>", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289", }, { trust: 0.1, url: "http://slackware.com", }, { trust: 0.1, url: "http://osuosl.org)", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288", }, { trust: 0.1, url: "http://slackware.com/gpg-key", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0209", }, { db: "BID", id: "73239", }, { db: "JVNDB", id: "JVNDB-2015-001879", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131023", }, { db: "PACKETSTORM", id: "130916", }, { db: "PACKETSTORM", id: "130933", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130932", }, { db: "PACKETSTORM", id: "131585", }, { db: "NVD", id: "CVE-2015-0209", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2015-0209", }, { db: "BID", id: "73239", }, { db: "JVNDB", id: "JVNDB-2015-001879", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131023", }, { db: "PACKETSTORM", id: "130916", }, { db: "PACKETSTORM", id: "130933", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130932", }, { db: "PACKETSTORM", id: "131585", }, { db: "NVD", id: "CVE-2015-0209", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-03-19T00:00:00", db: "VULMON", id: "CVE-2015-0209", }, { date: "2015-03-19T00:00:00", db: "BID", id: "73239", }, { date: "2015-03-23T00:00:00", db: "JVNDB", id: "JVNDB-2015-001879", }, { date: "2015-08-26T01:33:25", db: "PACKETSTORM", id: "133318", }, { date: "2015-03-25T15:48:03", db: "PACKETSTORM", id: "131023", }, { date: "2015-03-20T04:45:06", db: "PACKETSTORM", id: "130916", }, { date: "2015-03-20T05:46:26", db: "PACKETSTORM", id: "130933", }, { date: "2015-08-26T01:35:08", db: "PACKETSTORM", id: "133325", }, { date: "2015-07-21T13:37:51", db: "PACKETSTORM", id: "132763", }, { date: "2015-03-20T05:41:10", db: "PACKETSTORM", id: "130932", }, { date: "2015-04-22T20:14:53", db: "PACKETSTORM", id: "131585", }, { date: "2015-03-19T22:59:02.617000", db: "NVD", id: "CVE-2015-0209", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2015-0209", }, { date: "2017-05-23T16:24:00", db: "BID", id: "73239", }, { date: "2016-11-09T00:00:00", db: "JVNDB", id: "JVNDB-2015-001879", }, { date: "2023-11-07T02:23:19.410000", db: "NVD", id: "CVE-2015-0209", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "73239", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL of crypto/ec/ec_asn1.c of d2i_ECPrivateKey Service disruption in functions (DoS) Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2015-001879", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "73239", }, ], trust: 0.3, }, }
var-201501-0340
Vulnerability from variot
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause the memory exhaustion, resulting in denial-of-service conditions.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. ============================================================================ Ubuntu Security Notice USN-2459-1 January 12, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could possibly use this issue to downgrade to ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to downgrade the security of the session to EXPORT_RSA. (CVE-2015-0204)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205)
Chris Mueller discovered that OpenSSL incorrect handled memory when processing DTLS records. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References:
CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0340", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1j", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0o", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "paging server", scope: "eq", trust: 0.6, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.6, vendor: "hp", version: "7.4", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "mate collector", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ata series analog terminal adaptor", scope: "eq", trust: 0.3, vendor: "cisco", version: "1900", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.1", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "30000", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "es750", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "telepresence server on virtual machine", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "proactive network operations center", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22025850", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "6", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.4", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "90000", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79120", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32400", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "85100", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2", }, { model: "ip interoperability and collaboration system", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.0p", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3400", }, { model: "systems insight manager 7.3.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "70104.1", }, { model: "prime security manager 04.8 qa08", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0-68", }, { model: "prime license manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.842", }, { model: "flex system manager node types", scope: "eq", trust: 0.3, vendor: "ibm", version: "79550", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "app for netapp data ontap", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2-77", }, { model: "telepresence te software", scope: "eq", trust: 0.3, vendor: "cisco", version: "-0", }, { model: "linux enterprise software development kit sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073830", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "7", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.2.2.2", }, { model: "network configuration and change management service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "prime collaboration assurance", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "telepresence content server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tandberg codian mse model", scope: "eq", trust: 0.3, vendor: "cisco", version: "83200", }, { model: "local collector appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2.8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310025820", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "1", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.3", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2.00", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.27", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087380", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "prime lan management solution", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "wide area application services", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.96", }, { model: "project openssl 1.0.1k", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "es1500", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "media services interface", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6.156", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2", }, { model: "unified attendant console advanced", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.0h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.10", }, { model: "system management homepage c", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "jabber for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4.1", }, { model: "enterprise content delivery service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.4(7.26)", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8.0.10", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "unified sip proxy", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence advanced media gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.4", }, { model: "unified attendant console premium edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32100", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.1.2", }, { model: "app for stream", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "systems insight manager sp5", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.1(5.106)", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22079060", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "physical access gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "5", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x638370", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88042590", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "wireless lan controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79180", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.68", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "13.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.102", }, { model: "anyres live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "application policy infrastructure controller 1.0", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "unified attendant console business edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "nextscale nx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "54550", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15-210", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32200", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.9.1", }, { model: "jabber video for telepresence", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0-103", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12.201", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.95", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.4", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.11", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.1.3.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "prime collaboration deployment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "dx series ip phones", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0-95", }, { model: "virtualization experience media engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "ace30 application control engine module 3.0 a5", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "unified computing system b-series servers", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079150", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.7", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2.127", }, { model: "jabber software development kit", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.0.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "cms r17 r4", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087220", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bluemix workflow", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.00", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1-73", }, { model: "infosphere balanced warehouse c4000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "infosphere master data management patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "tivoli provisioning manager for images", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.0", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.4", }, { model: "identity service engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "cms r17", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.1.5.03.00", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "wag310g residential gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0-14", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.4", }, { model: "cognos controller if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.3", }, { model: "as infinity", scope: "ne", trust: 0.3, vendor: "pexip", version: "8.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "project openssl 1.0.0o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "linux enterprise server for vmware sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux enterprise server sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "email security appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.6", }, { model: "application policy infrastructure controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.1(0.625)", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "agent desktop", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.0(2)", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88079030", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087370", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "snapdrive for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.2", }, { model: "jabber voice for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "onepk all-in-one vm", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "unified attendant console department edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "system management homepage a", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11.197", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "prime data center network manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15210", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "network performance analytics", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.64", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "system m4 hd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054600", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.0", }, { model: "infosphere master data management provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.116", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.740", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "70000", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "systems insight manager update", scope: "eq", trust: 0.3, vendor: "hp", version: "5.31", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3204.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "60000", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "cms r17 r3", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22279160", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "cognos controller interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.0.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.13", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "unified ip conference phone", scope: "eq", trust: 0.3, vendor: "cisco", version: "88310", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "clustered data ontap", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.6", }, { model: "infosphere balanced warehouse c3000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "system m4 bd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054660", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "openssh for gpfs", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "telepresence supervisor mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "80500", }, { model: "iptv", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.12", }, { model: "linux enterprise desktop sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325025830", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2.106", }, { model: "web security appliance 9.0.0 -fcs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "systems insight manager sp3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "42000", }, { model: "hosted collaboration mediation fulfillment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "mint", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "application networking manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage 7.3.2.1", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "socialminer", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "3", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14.20", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.760", }, { model: "video surveillance media server", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.7", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "84200", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "20500", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.3.0", }, { model: "telepresence video communication server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.3", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "telepresence sx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x330073820", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "meetingplace", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.0.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1.730", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363071580", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "35000", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "expressway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.5", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "57100", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.801", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8734-", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3000", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "mobile wireless transport manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "mate design", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24078630", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.143", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087330", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24089560", }, { model: "powervu d9190 conditional access manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.1", }, { model: "project openssl 1.0.1j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.132", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x353071600", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.0(4.29)", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0", }, { model: "mate live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence integrator c series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0-12", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "mobile security suite mss", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1.104", }, { model: "cognos controller if3", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "prime collaboration provisioning", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1.00", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087180", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8731-", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79130", }, { model: "systems insight manager sp6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1.73", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "45000", }, { model: "telepresence isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32410", }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310054570", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3104.1", }, { model: "telepresence ex series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "webex meetings for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1841", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.3", }, { model: "cognos controller fp1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.2(3.1)", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.4", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.179", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079140", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087520", }, { model: "vds service broker", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence conductor", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "d9036 modular encoding platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "video surveillance 4300e/4500e high-definition ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x638370", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "6", }, { model: "app for vmware", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "snapdrive for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "10500", }, { model: "one-x client enablement services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "video surveillance ptz ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "anyconnect secure mobility client for ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "004.000(1233)", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.2.10", }, { model: "telepresence serial gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.841", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "cloud", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "webex meetings server 2.5mr2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.103", }, { model: "open systems snapvault", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.3", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "unified attendant console enterprise edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "87104.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.7", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "53000", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.0.121", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "ios 15.5 s", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2", }, { model: "prime performance manager for sps ppm sp1", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "telepresence mx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "session border controller for enterprise", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "telepresence isdn gw mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "83210", }, { model: "ucs central", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence profile series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "unified communications domain manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.1.2", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x44079170", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "emergency responder", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79190", }, { model: "im and presence service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.750", }, { model: "nac guest server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325054580", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli provisioning manager for images system edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "x7.1.1.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.1", }, { model: "cloud object store", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, ], sources: [ { db: "BID", id: "71940", }, { db: "CNNVD", id: "CNNVD-201501-173", }, { db: "NVD", id: "CVE-2015-0206", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-0206", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, ], trust: 0.5, }, cve: "CVE-2015-0206", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2015-0206", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-0206", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201501-173", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2015-0206", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2015-0206", }, { db: "CNNVD", id: "CNNVD-201501-173", }, { db: "NVD", id: "CVE-2015-0206", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause the memory exhaustion, resulting in denial-of-service conditions. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. ============================================================================\nUbuntu Security Notice USN-2459-1\nJanuary 12, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. A remote attacker could possibly use this issue to downgrade to\nECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to downgrade\nthe security of the session to EXPORT_RSA. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205)\n\nChris Mueller discovered that OpenSSL incorrect handled memory when\nprocessing DTLS records. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-0206)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libssl1.0.0 1.0.1f-1ubuntu9.1\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.8\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.21\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la\nng=en-us&cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user's client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2015-0206", }, { db: "BID", id: "71940", }, { db: "VULMON", id: "CVE-2015-0206", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129893", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130051", }, ], trust: 1.89, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0206", trust: 2.7, }, { db: "BID", id: "71940", trust: 1.4, }, { db: "MCAFEE", id: "SB10102", trust: 1.1, }, { db: "MCAFEE", id: "SB10108", trust: 1.1, }, { db: "BID", id: "91787", trust: 1.1, }, { db: "SECTRACK", id: "1033378", trust: 1.1, }, { db: "AUSCERT", id: "ESB-2022.0696", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.4252", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201501-173", trust: 0.6, }, { db: "VULMON", id: "CVE-2015-0206", trust: 0.1, }, { db: "PACKETSTORM", id: "133318", trust: 0.1, }, { db: "PACKETSTORM", id: "133316", trust: 0.1, }, { db: "PACKETSTORM", id: "130987", trust: 0.1, }, { db: "PACKETSTORM", id: "129893", trust: 0.1, }, { db: "PACKETSTORM", id: "133325", trust: 0.1, }, { db: "PACKETSTORM", id: "132763", trust: 0.1, }, { db: "PACKETSTORM", id: "130051", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2015-0206", }, { db: "BID", id: "71940", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129893", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130051", }, { db: "CNNVD", id: "CNNVD-201501-173", }, { db: "NVD", id: "CVE-2015-0206", }, ], }, id: "VAR-201501-0340", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.396927715, }, last_update_date: "2024-07-23T20:50:41.225000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "openssl-1.0.0p", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190", }, { title: "openssl-0.9.8zd", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189", }, { title: "openssl-1.0.1k.tar.gz", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191", }, { title: "Red Hat: Moderate: openssl security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20150066 - security advisory", }, { title: "Red Hat: CVE-2015-0206", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2015-0206", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2459-1", }, { title: "Debian Security Advisories: DSA-3125-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a3210fee56d96657bbff4ad44c3d0807", }, { title: "Tenable Security Advisories: [R7] OpenSSL '20150108' Advisory Affects Tenable Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2015-03", }, { title: "Amazon Linux AMI: ALAS-2015-469", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-469", }, { title: "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=9281dc3b1a760e1cf2711cdf82cf64d7", }, { title: "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150310-ssl", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585", }, { title: "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=21b119528a2fb8c78850a17027b71424", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0206", }, { db: "CNNVD", id: "CNNVD-201501-173", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2015-0206", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.5, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { trust: 1.4, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.2, url: "http://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { trust: 1.1, url: "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019", }, { trust: 1.1, url: "http://www.debian.org/security/2015/dsa-3125", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050205101530&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { trust: 1.1, url: "https://bto.bluecoat.com/security-advisory/sa88", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1033378", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10108", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10102", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/71940", }, { trust: 1.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.0696", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.4252/", }, { trust: 0.5, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.5, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.4, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169", }, { trust: 0.3, url: "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf", }, { trust: 0.3, url: "http://openssl.org/", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699883", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699667", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698818", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883857", }, { trust: 0.3, url: "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101008182", }, { trust: 0.3, url: "https://www.openssl.org/news/vulnerabilities.html", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903299", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700275", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699938", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902694", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21697162", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695985", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21694849", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698506", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0207", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0285", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0208", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0206", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.2, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8142", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0231", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3523", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9653", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9705", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0232", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9427", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0273", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9652", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/119.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2015:0066", }, { trust: 0.1, url: "https://usn.ubuntu.com/2459-1/", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0291", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1787", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0290", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0292", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0293", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5409", }, { trust: 0.1, url: "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result&doc", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5412", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5413", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5410", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5411", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0235", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://www.ubuntu.com/usn/usn-2459-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490&la", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-1692", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5107", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744", }, { trust: 0.1, url: "http://www.hp.com/go/smh", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0204", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-8275", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0205", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3572", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3571", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3570", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0206", }, { db: "BID", id: "71940", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129893", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130051", }, { db: "CNNVD", id: "CNNVD-201501-173", }, { db: "NVD", id: "CVE-2015-0206", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2015-0206", }, { db: "BID", id: "71940", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129893", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130051", }, { db: "CNNVD", id: "CNNVD-201501-173", }, { db: "NVD", id: "CVE-2015-0206", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-01-09T00:00:00", db: "VULMON", id: "CVE-2015-0206", }, { date: "2015-01-07T00:00:00", db: "BID", id: "71940", }, { date: "2015-08-26T01:33:25", db: "PACKETSTORM", id: "133318", }, { date: "2015-08-26T01:33:07", db: "PACKETSTORM", id: "133316", }, { date: "2015-03-24T17:05:09", db: "PACKETSTORM", id: "130987", }, { date: "2015-01-12T21:48:37", db: "PACKETSTORM", id: "129893", }, { date: "2015-08-26T01:35:08", db: "PACKETSTORM", id: "133325", }, { date: "2015-07-21T13:37:51", db: "PACKETSTORM", id: "132763", }, { date: "2015-01-22T01:35:41", db: "PACKETSTORM", id: "130051", }, { date: "2015-01-09T00:00:00", db: "CNNVD", id: "CNNVD-201501-173", }, { date: "2015-01-09T02:59:12.117000", db: "NVD", id: "CVE-2015-0206", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-10-20T00:00:00", db: "VULMON", id: "CVE-2015-0206", }, { date: "2017-01-23T00:09:00", db: "BID", id: "71940", }, { date: "2022-02-18T00:00:00", db: "CNNVD", id: "CNNVD-201501-173", }, { date: "2017-10-20T01:29:04.393000", db: "NVD", id: "CVE-2015-0206", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "129893", }, { db: "PACKETSTORM", id: "130051", }, { db: "CNNVD", id: "CNNVD-201501-173", }, ], trust: 0.8, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL ‘ dtls1_buffer_record ‘Function buffer error vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-201501-173", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-201501-173", }, ], trust: 0.6, }, }
var-201410-1151
Vulnerability from variot
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded. ( Security fix ) patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded. For more information, see: https://www.openssl.org/news/secadv_20141015.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz 8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz 21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz 5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz 2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz fedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz 6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz f7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz 40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz 0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: d07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz 1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz
Slackware -current packages: 53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz cc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz
Slackware x86_64 -current packages: 500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz c483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and address the following:
AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determine all the network addresses of the system Description: The AFP file server supported a command which returned all the network addresses of the system. This issue was addressed by removing the addresses from the result. CVE-ID CVE-2014-4426 : Craig Young of Tripwire VERT
bash Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Multiple vulnerabilities in bash, including one that may allow local attackers to execute arbitrary code Description: Multiple vulnerabilities existed in bash. These issues were addressed by updating bash to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187
Bluetooth Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer signedness error existed in IOBluetoothFamily which allowed manipulation of kernel memory. This issue was addressed through improved bounds checking. This issue does not affect OS X Yosemite systems. CVE-ID CVE-2014-4497
Bluetooth Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An error existed in the Bluetooth driver that allowed a malicious application to control the size of a write to kernel memory. The issue was addressed through additional input validation. CVE-ID CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple security issues existed in the Bluetooth driver, allowing a malicious application to execute arbitrary code with system privilege. The issues were addressed through additional input validation. CVE-ID CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze Networks
CFNetwork Cache Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Website cache may not be fully cleared after leaving private browsing Description: A privacy issue existed where browsing data could remain in the cache after leaving private browsing. This issue was addressed through a change in caching behavior. CVE-ID CVE-2014-4460
CoreGraphics Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the iSIGHT Partners GVP Program
CPU Software Available for: OS X Yosemite v10.10 and v10.10.1, for: MacBook Pro Retina, MacBook Air (Mid 2013 and later), iMac (Late 2013 and later), Mac Pro (Late 2013) Impact: A malicious Thunderbolt device may be able to affect firmware flashing Description: Thunderbolt devices could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework Available for: OS X Yosemite v10.10 and v10.10.1 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of App Store logs. The App Store process could log Apple ID credentials in the log when additional logging was enabled. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-4499 : Sten Petersen
CoreGraphics Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Some third-party applications with non-secure text entry and mouse events may log those events Description: Due to the combination of an uninitialized variable and an application's custom allocator, non-secure text entry and mouse events may have been logged. This issue was addressed by ensuring that logging is off by default. This issue did not affect systems prior to OS X Yosemite. CVE-ID CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PDF files. The issue was addressed through improved bounds checking. This issue does not affect OS X Yosemite systems. CVE-ID CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple type confusion issues existed in coresymbolicationd's handling of XPC messages. These issues were addressed through improved type checking. CVE-ID CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Processing a maliciously crafted .dfont file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .dfont files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4483 : Apple
Foundation Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Viewing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the XML parser. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4485 : Apple
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Multiple vulnerabilities in Intel graphics driver Description: Multiple vulnerabilities existed in the Intel graphics driver, the most serious of which may have led to arbitrary code execution with system privileges. This update addresses the issues through additional bounds checks. CVE-ID CVE-2014-8819 : Ian Beer of Google Project Zero CVE-2014-8820 : Ian Beer of Google Project Zero CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOAcceleratorFamily's handling of certain IOService userclient types. This issue was addressed through improved validation of IOAcceleratorFamily contexts. CVE-ID CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in IOHIDFamily. This issue was addressed with improved bounds checking. CVE-ID CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in IOHIDFamily's handling of resource queue metadata. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4488 : Apple
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of event queues. This issue was addressed through improved validation of IOHIDFamily event queue initialization. CVE-ID CVE-2014-4489 : @beist
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A bounds checking issue existed in a user client vended by the IOHIDFamily driver which allowed a malicious application to overwrite arbitrary portions of the kernel address space. The issue is addressed by removing the vulnerable user client method. CVE-ID CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A privileged application may be able to read arbitrary data from kernel memory Description: A memory access issue existed in the handling of IOUSB controller user client functions. This issue was addressed through improved argument validation. CVE-ID CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Specifying a custom cache mode allowed writing to kernel read-only shared memory segments. This issue was addressed by not granting write permissions as a side-effect of some custom cache modes. CVE-ID CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-8824 : @PanguTeam
Kernel Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A local attacker can spoof directory service responses to the kernel, elevate privileges, or gain kernel execution Description: Issues existed in identitysvc validation of the directory service resolving process, flag handling, and error handling. This issue was addressed through improved validation. CVE-ID CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel Available for: OS X Yosemite v10.10 and v10.10.1 Impact: A local user may be able to determine kernel memory layout Description: Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization. CVE-ID CVE-2014-4371 : Fermin J. Serna of the Google Security Team CVE-2014-4419 : Fermin J. Serna of the Google Security Team CVE-2014-4420 : Fermin J. Serna of the Google Security Team CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel Available for: OS X Mavericks v10.9.5 Impact: A person with a privileged network position may cause a denial of service Description: A race condition issue existed in the handling of IPv6 packets. This issue was addressed through improved lock state checking. CVE-ID CVE-2011-2391
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them. CVE-ID CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata. CVE-ID CVE-2014-4461 : @PanguTeam
LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious JAR file may bypass Gatekeeper checks Description: An issue existed in the handling of application launches which allowed certain malicious JAR files to bypass Gatekeeper checks. This issue was addressed through improved handling of file type metadata. CVE-ID CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious, sandboxed app can compromise the networkd daemon Description: Multiple type confusion issues existed in networkd's handling of interprocess communication. By sending networkd a maliciously formatted message, it may have been possible to execute arbitrary code as the networkd process. The issue is addressed through additional type checking. CVE-ID CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A Mac may not lock immediately upon wake Description: An issue existed in the rendering of the lock screen. This issue was address through improved screen rendering while locked. CVE-ID CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed testers
lukemftp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Using the command line ftp tool to fetch files from a malicious http server may lead to arbitrary code execution Description: A command injection issue existed in the handling of HTTP redirects. This issue was addressed through improved validation of special characters. CVE-ID CVE-2014-8517
OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one that may allow an attacker to downgrade connections to use weaker cipher-suites in applications using the library Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za. These issues were addressed by updating OpenSSL to version 0.9.8zc. CVE-ID CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
Sandbox Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A design issue existed in the caching of sandbox profiles which allowed sandboxed applications to gain write access to the cache. This issue was addressed by restricting write access to paths containing a "com.apple.sandbox" segment. This issue does not affect OS X Yosemite v10.10 or later. CVE-ID CVE-2014-8828 : Apple
SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: Multiple out of bounds write issues existed in SceneKit. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Viewing a maliciously crafted Collada file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to an unexpected application termination or arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team
Security Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A downloaded application signed with a revoked Developer ID certificate may pass Gatekeeper checks Description: An issue existed with how cached application certificate information was evaluated. This issue was addressed with cache logic improvements. CVE-ID CVE-2014-8838 : Apple
security_taskgate Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: An app may access keychain items belonging to other apps Description: An access control issue existed in the Keychain. Applications signed with self-signed or Developer ID certificates could access keychain items whose access control lists were based on keychain groups. This issue was addressed by validating the signing identity when granting access to keychain groups. CVE-ID CVE-2014-8831 : Apple
Spotlight Available for: OS X Yosemite v10.10 and v10.10.1 Impact: The sender of an email could determine the IP address of the recipient Description: Spotlight did not check the status of Mail's "Load remote content in messages" setting. This issue was addressed by improving configuration checking. CVE-ID CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of LastFriday.no
Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: Spotlight may save unexpected information to an external hard drive Description: An issue existed in Spotlight where memory contents may have been written to external hard drives when indexing. This issue was addressed with better memory management. CVE-ID CVE-2014-8832 : F-Secure
SpotlightIndex Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Spotlight may display results for files not belonging to the user Description: A deserialization issue existed in Spotlight's handling of permission caches. A user performing a Spotlight query may have been shown search results referencing files for which they don't have sufficient privileges to read. This issue was addressed with improved bounds checking. CVE-ID CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: A type confusion vulnerability existed in sysmond that allowed a local application to escalate privileges. The issue was addressed with improved type checking. CVE-ID CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater Available for: OS X Yosemite v10.10 and v10.10.1 Impact: Printing-related preference files may contain sensitive information about PDF documents Description: OS X Yosemite v10.10 addressed an issue in the handling of password-protected PDF files created from the Print dialog where passwords may have been included in printing preference files. This update removes such extraneous information that may have been present in printing preference files. CVE-ID CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari 8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
iQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F N9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET D1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG LqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX FcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6 8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/ qmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW gzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V 0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA 0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns sAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq nggZl3Sa+QhfaHSUqSJI =uAqk -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Resolution
All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.
References
[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-39.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Release Date: 2015-03-16 Last Updated: 2015-05-20
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
References:
CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT101920 SSRT101921 SSRT101922 SSRT101894
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control impacted software components and versions
HP Insight Control 7.2, 7.3 and 7.4
HP Insight Control server migration v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.3.2 v7.3.3 and v 7.4.0
HP Systems Insight Manager (SIM) v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.4.0, and 7.4.0a for Linux and Windows bundled with the following software:
HP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows HP Version Control Agent (VCA) v7.2.0, v7.2.2, v7.3.0, v7.3.1, v7.3.2 and v7.3.3 for Windows HP Version Control Agent (VCA) v7.2.0, v7.2.2(A), v7.3.0, v7.3.2 and v7.3.3 for Linux HP Version Control Repository Manager (VCRM) v7.2.0, v7.2.2, v7.3.0, v7.3.1, v7.3.2, v7.3.3, v7.3.4, v7.4.0, and 7.4.0a for Windows HP Version Control Repository Manager (VCRM) v7.2.0, v7.3.4, v7.4.0 and v7.4.0a for Linux
HP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1, v7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software updates to resolve these vulnerabilities in HP Insight Control 7.2. The HP Insight Control 7.2.1 Update kit applicable to HP Insight Control 7.2.x installations is available at the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPICE
NOTE: Please read the readme.txt file before proceeding with the installation.
HP has addressed these vulnerabilities for the impacted software components bundled with HP Insight Control in the following HP Security Bulletins:
HP Insight Control software components HP Security Bulletin Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03261 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571454
HP System Management Homepage (SMH) HPSBMU03260 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571379
HP Version Control Agent (VCA) HPSBMU03262 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04571956
Version Control Repository Manager (VCRM) HPSBMU03259 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04570627
HISTORY Version:1 (rev.1) - 16 March 2015 Initial release Version:2 (rev.2) - 14 April 2015 Incorrect version in Resolution Version:3 (rev.3) - 20 May 2015 Updated impacted versions
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2015-0001 Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues Issue date: 2015-01-27 Updated on: 2015-01-27 (Initial Advisory) CVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044
--- OPENSSL---
CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568
--- libxml2 ---
CVE-2014-3660
- Summary
VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.
- Relevant Releases
VMware Workstation 10.x prior to version 10.0.5
VMware Player 6.x prior to version 6.0.5
VMware Fusion 7.x prior to version 7.0.1 VMware Fusion 6.x prior to version 6.0.5
vCenter Server 5.5 prior to Update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG ESXi 5.0 without patch ESXi500-201405101-SG
- Problem Description
a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability
VMware ESXi, Workstation, Player and Fusion contain an arbitrary
file write issue. Exploitation this issue may allow for privilege
escalation on the host.
The vulnerability does not allow for privilege escalation from
the guest Operating System to the host or vice-versa. This means
that host memory can not be manipulated from the Guest Operating
System.
Mitigation
For ESXi to be affected, permissions must have been added to ESXi
(or a vCenter Server managing it) for a virtual machine
administrator role or greater.
VMware would like to thank Shanon Olsson for reporting this issue to
us through JPCERT.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-8370 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any 6.0.5
ESXi 5.5 ESXi ESXi550-201403102-SG
ESXi 5.1 ESXi ESXi510-201404101-SG
ESXi 5.0 ESXi ESXi500-201405101-SG
b. VMware Workstation, Player, and Fusion Denial of Service vulnerability
VMware Workstation, Player, and Fusion contain an input validation
issue in the Host Guest File System (HGFS). This issue may allow
for a Denial of Service of the Guest Operating system.
VMware would like to thank Peter Kamensky from Digital Security for
reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1043 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any 7.0.1
Fusion 6.x any 6.0.5
c. VMware ESXi, Workstation, and Player Denial of Service vulnerability
VMware ESXi, Workstation, and Player contain an input
validation issue in VMware Authorization process (vmware-authd).
This issue may allow for a Denial of Service of the host. On
VMware ESXi and on Workstation running on Linux the Denial of
Service would be partial.
VMware would like to thank Dmitry Yudin @ret5et for reporting
this issue to us through HP's Zero Day Initiative.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1044 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any not affected
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi ESXi510-201410101-SG
ESXi 5.0 ESXi not affected
d.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-3513, CVE-2014-3567,
CVE-2014-3566 ("POODLE") and CVE-2014-3568 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any Update 2d*
vCenter Server 5.1 any patch pending
vCenter Server 5.0 any patch pending
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
* The VMware vCenter 5.5 SSO component will be
updated in a later release
e. Update to ESXi libxml2 package
The libxml2 library is updated to version libxml2-2.7.6-17
to resolve a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-3660 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Workstation 10.x
https://www.vmware.com/go/downloadworkstation
VMware Player 6.x
https://www.vmware.com/go/downloadplayer
VMware Fusion 7.x and 6.x
https://www.vmware.com/go/downloadplayer
vCenter Server
Downloads and Documentation: https://www.vmware.com/go/download-vsphere
ESXi 5.5 Update 2d
File: update-from-esxi5.5-5.5_update01.zip md5sum: 5773844efc7d8e43135de46801d6ea25 sha1sum: 6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065832 update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG
ESXi 5.5
File: ESXi550-201501001.zip md5sum: b0f2edd9ad17d0bae5a11782aaef9304 sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1 http://kb.vmware.com/kb/2099265 ESXi550-201501001.zip contains ESXi550-201501101-SG
ESXi 5.1
File: ESXi510-201404001.zip md5sum: 9dc3c9538de4451244a2b62d247e52c4 sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66 http://kb.vmware.com/kb/2070666 ESXi510-201404001 contains ESXi510-201404101-SG
ESXi 5.0
File: ESXi500-201405001.zip md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5 http://kb.vmware.com/kb/2075521 ESXi500-201405001 contains ESXi500-201405101-SG
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660
- Change log
2015-01-27 VMSA-2015-0001 Initial security advisory in conjunction with the release of VMware Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d and, ESXi 5.5 Patches released on 2015-01-27.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.0 (Build 8741) Charset: utf-8
wj8DBQFUx/+UDEcm8Vbi9kMRAmzrAKDG7u8ZTSlfQzU3eFphjebNgDkW2ACfZ9JE c75UD0ctlJx5607JuLfnb6Y= =IxpT -----END PGP SIGNATURE----- . CVE-ID CVE-2015-0248 CVE-2015-0251
Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "7.0". Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1) 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10) 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE) 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3) 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13) 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20) 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE) 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17) CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. Problem Description
A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. [CVE-2014-3567].
The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack.
Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. [CVE-2014-3568].
III. Impact
A remote attacker can cause Denial of Service with OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. [CVE-2014-3513]
By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567].
An active man-in-the-middle attacker can force a protocol downgrade to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data from the connection. [CVE-2014-3566] [CVE-2014-3568]
IV. Workaround
No workaround is available. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 9.3]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 8.4, 9.1 and 9.2]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc
gpg --verify openssl-8.4.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as described in .
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r273151 releng/8.4/ r273416 stable/9/ r273151 releng/9.1/ r273415 releng/9.2/ r273415 releng/9.3/ r273415 stable/10/ r273149 releng/10.0/ r273415 releng/10.1/ r273399
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1151", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "lte", trust: 1, vendor: "openssl", version: "0.9.8zb", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "bladecenter advanced management module 3.66n", scope: "ne", trust: 0.9, vendor: "ibm", version: null, }, { model: "bladecenter advanced management module 3.66k", scope: null, trust: 0.9, vendor: "ibm", version: null, }, { model: "global console manager", scope: "ne", trust: 0.6, vendor: "ibm", version: "1.26.1.23978", }, { model: "global console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.4.2.15036", }, { model: "global console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.20.20.23447", }, { model: "project openssl 1.0.0a", scope: null, trust: 0.6, vendor: "openssl", version: null, }, { model: "local console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.2.39.0", }, { model: "local console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.2.27.00", }, { model: "local console manager", scope: "ne", trust: 0.6, vendor: "ibm", version: "1.2.40.00", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "rational software architect realtime edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "q", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "16200", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.3", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "k", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "upward integration modules scvmm add-in", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "project openssl 0.9.8f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "58200", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "switch series r1809p03", scope: "ne", trust: 0.3, vendor: "hp", version: "5820", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "project openssl beta3", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.1", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "msr4000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.1.0", }, { model: "project openssl b", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.5", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.1", }, { model: "mcp r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: "6600", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "msr3000 r0106p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sle client tools", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "tivoli netcool/reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "850/8700", }, { model: "insight control server provisioning", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "r5203p11", scope: "ne", trust: 0.3, vendor: "hp", version: "3100v2", }, { model: "f5000-s", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr1000 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "esxi", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.1", }, { model: "msr9xx", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "j", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "58300", }, { model: "project openssl 1.0.1j", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0.0", }, { model: "wb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.3", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.3", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.1.0", }, { model: "n", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl 1.0.0o", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "pa", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aspera", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "3.5.2", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "m210", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "vsr1000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "r15xx", scope: "eq", trust: 0.3, vendor: "hp", version: "19100", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.2", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "119000", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.4", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "switch series r5319p10", scope: "ne", trust: 0.3, vendor: "hp", version: "3610", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "msr1000 russian version r2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "f5000-c", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.1", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.0.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.23", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.4", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "a6600", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "r1828p06", scope: "ne", trust: 0.3, vendor: "hp", version: "12500", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2", }, { model: "r2122", scope: "ne", trust: 0.3, vendor: "hp", version: "7900", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "project openssl 1.0.0h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1.1", }, { model: "u200s and cs f5123p30", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.0", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.1", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "office connect ps1810", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "qradar siem mr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "aura communication manager ssp04", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.7", }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "ex series network switches for ibm products pre 12.3r9", scope: null, trust: 0.3, vendor: "juniper", version: null, }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "f1000-a", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.0.3", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "hsr6602 r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "m.10", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.3", }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "a6600 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "79000", }, { model: "aspera proxy", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "1.2.3", }, { model: "si switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "51200", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "f1000-s", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "3100v2-480", }, { model: "aspera mobile", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "msr93x", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "upward integration modules for microsoft system center", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "project openssl beta4", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.0", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "h.10", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "r1104", scope: "ne", trust: 0.3, vendor: "hp", version: "1620", }, { model: "upward integration modules hardware management pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "u200s and cs", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.20", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "upward integration modules integrated installer", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "general parallel file system", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.0", }, { model: "project openssl beta5", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "aspera drive", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0", }, { model: "russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: "6602", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.4", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "f1000-e", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.3", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "12500(comware", scope: "eq", trust: 0.3, vendor: "hp", version: "v7)0", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "g switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "48000", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "vcx", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "57000", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5.0", }, { model: "esxi", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.0", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3.1", }, { model: "msr50-g2", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.1", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5", }, { model: "r", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.0.1", }, { model: "esxi esxi550-20150110", scope: "ne", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "ei switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: "5500", }, { model: "kb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr30", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.8.0", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "129000", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "msr1000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr30 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "i.10", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "m.08", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl 0.9.8m beta1", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.4.1", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "a6600 r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "9500e", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-493", }, { model: "msr20 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.2", }, { model: "switch series r1118p11", scope: "ne", trust: 0.3, vendor: "hp", version: "5830", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.8", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.1", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "tivoli workload scheduler for z/os connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.6", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.3.6", }, { model: "secblade iii", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "rational software architect realtime edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.3", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-453", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "sle client tools for x86 64", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4", }, { model: "msr30 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "tivoli workload scheduler for z/os connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "msr50-g2 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-467", }, { model: "msr1000 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "vb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.2", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56001", }, { model: "ka", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "office connect pk", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "yb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "f5000 f3210p22", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3.1", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "upward integration modules scvmm add-in", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cms r17", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.1.5.03.00", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.41", }, { model: "aspera ondemand for google cloud", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.8.2.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.21", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "aura utility services sp7", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.4", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.0", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "hsr6602 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "aspera console", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "2.5.3", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "e", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "mcp russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: "6600", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli workload scheduler for applications fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "ei switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "51200", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.2", }, { model: "project openssl beta2", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "upward integration modules for vmware vsphere", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.3", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2.2", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2", }, { model: "msr50 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "hsr6800 r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.20", }, { model: "msr3000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "aspera faspex", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "3.9", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.40", }, { model: "msr2000 r0106p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "va", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.32", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aspera ondemand for softlayer", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.4", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "125000", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.4", }, { model: "switch series r1809p03", scope: "ne", trust: 0.3, vendor: "hp", version: "5800", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "aspera ondemand for azure", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "r2311p05", scope: "ne", trust: 0.3, vendor: "hp", version: "5700", }, { model: "aspera shares", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "1.9", }, { model: "hi switch series r5501p06", scope: "ne", trust: 0.3, vendor: "hp", version: "5500", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0", }, { model: "qradar risk manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.3", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "secblade iii r3820p03", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.46.4.2.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3.1", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "aspera client", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "hsr6800 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.4", }, { model: "aspera outlook plugin", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "project openssl 0.9.8zc", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "switch series (comware", scope: "eq", trust: 0.3, vendor: "hp", version: "10500v5)0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1.0", }, { model: "r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: "6602", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.5", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.3.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.3", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.2", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1.0", }, { model: "u200a and m", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.0", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "10.1", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56003", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "msr20-1x r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "r1105", scope: "ne", trust: 0.3, vendor: "hp", version: "1920", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.2.0", }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "r11xx", scope: "eq", trust: 0.3, vendor: "hp", version: "19100", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.3", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1.2", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "tivoli workload scheduler for z/os connector fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.0", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "project openssl beta1", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "project openssl a", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "58000", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.5", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.0", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4", }, { model: "project openssl c", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "esxi", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.3", }, { model: "si switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: "5500", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1.2", }, { model: "aspera connect server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "z/tpf", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.10", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "r2110p03", scope: "ne", trust: 0.3, vendor: "hp", version: "3100v2-48", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.3.2", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "ps110", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "upward integration modules hardware management pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.33", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.1", }, { model: "9500e r1828p06", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.3.0", }, { model: "upward integration modules integrated installer", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "f5000-s r3811p03", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.1.0", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "a6600 russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.3", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.6", }, { model: "switch series (comware", scope: "eq", trust: 0.3, vendor: "hp", version: "10500v7)0", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.5", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2.1", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "qradar vulnerability manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.3", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "8.0", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.2.0", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "msr30-16 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6602", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.8.1.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.1", }, { model: "msr30-16 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "msr20-1x russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ra", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "f5000-c r3811p03", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.4", }, { model: "si switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "55000", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.1", }, { model: "rf manager", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.9.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.6.0", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "tivoli workload scheduler for z/os connector fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "hsr6800", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ei switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: "5120", }, { model: "project openssl d", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "tivoli management framework", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.2", }, { model: "h.07", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "ssl for openvms", scope: "ne", trust: 0.3, vendor: "hp", version: "1.4-495", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.1.1", }, { model: "msr50 g2 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "sle client tools for s390x", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2.2", }, { model: "office connect pm", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "36100", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "msr30-16", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ya", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "switch series r2311p05", scope: "ne", trust: 0.3, vendor: "hp", version: "5900", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.26.2.1.2", }, { model: "hi switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "55000", }, { model: "msr30-1x russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3.0", }, { model: "msr30-1x", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.80", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-471", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "switch series r2110p03", scope: "ne", trust: 0.3, vendor: "hp", version: "3600v2", }, { model: "aura presence services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "12500(comware r7328p04", scope: "ne", trust: 0.3, vendor: "hp", version: "v7)", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "aura presence services sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.0.1", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.4", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.5", }, { model: "tivoli workload scheduler distributed fp07", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "w", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "msr30 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "r15xx r1513p95", scope: "ne", trust: 0.3, vendor: "hp", version: "1910", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.8.1.0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.7.0", }, { model: "msr4000 r0106p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "msr50 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "project openssl beta3", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "3600v20", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "msr30-1x r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "3100v20", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "version control repository manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "pb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "tivoli workload scheduler for applications fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.56.5.1.0", }, { model: "msr50 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "aspera enterprise server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5", }, { model: "tivoli workload scheduler distributed fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "switch series r6708p10", scope: "ne", trust: 0.3, vendor: "hp", version: "7500", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.10", }, { model: "g switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: "4800", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2", }, { model: "project openssl beta1", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "f1000-e r3181p05", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "msr9xx r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "mcp russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "66000", }, { model: "4510g switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "r11xx r1107", scope: "ne", trust: 0.3, vendor: "hp", version: "1910", }, { model: "wx5002/5004", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "msr30-16 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "msr30-1x russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "aspera point to point", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "msr50", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.7", }, { model: "xcode", scope: "ne", trust: 0.3, vendor: "apple", version: "7.0", }, { model: "switch series r2111p06", scope: "ne", trust: 0.3, vendor: "hp", version: "11900", }, { model: "f1000-a r3734p06", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "hsr6602 russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "aspera orchestrator", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "2.10", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "8300", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "hsr6800 russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.1.3", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.4", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3", }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "aura session manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.4.0", }, { model: "ei switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "51300", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "59200", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "y", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "u", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "insight control", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "4210g switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.34", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aspera proxy", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "l", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "server migration pack", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.2", }, { model: "4210g switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "m220", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56002", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "f5000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aspera ondemand for amazon", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "virtual connect enterprise manager sdk", scope: "ne", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "ei switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "55000", }, { model: "sdk for node.js", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.1.0.9", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.36.3.1.0", }, { model: "aura system manager sp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.2", }, { model: "server migration pack", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "project openssl e", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "msr20-1x", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aspera cargo", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "59000", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.5", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "msr2000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "a", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "mcp", scope: "eq", trust: 0.3, vendor: "hp", version: "66000", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "125000", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "75000", }, { model: "qradar siem", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.3", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "19200", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "aura utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "si switch series r1513p95", scope: "ne", trust: 0.3, vendor: "hp", version: "5120", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.2", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.2.1", }, { model: "f", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "qradar risk manager mr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "switch series r1005p15", scope: "ne", trust: 0.3, vendor: "hp", version: "12900", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3.0", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "aura utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "office connect p", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "aspera orchestrator", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "r2507p34", scope: "ne", trust: 0.3, vendor: "hp", version: "6000", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "f1000-s r3734p06", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "matrix operating environment", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "project openssl beta2", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "msr50 g2 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "manager for sle sp2", scope: "eq", trust: 0.3, vendor: "suse", version: "111.7", }, { model: "studio onsite", scope: "eq", trust: 0.3, vendor: "suse", version: "1.3", }, { model: "msr20-1x russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "secblade ssl vpn", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "66020", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.0.0", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "66020", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "60000", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "10.0", }, { model: "office connect pl", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "msr20 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "secblade fw", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "u200a and m f5123p30", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "t", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "switch series (comware r1208p10", scope: "ne", trust: 0.3, vendor: "hp", version: "10500v5)", }, { model: "4510g switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "vsr1000 r0204p01", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "switch series r2311p05", scope: "ne", trust: 0.3, vendor: "hp", version: "5920", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.4", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "8.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.3", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-476", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2", }, { model: "project openssl 0.9.8u", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.3", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.1", }, { model: "ei switch series r3108p03", scope: "ne", trust: 0.3, vendor: "hp", version: "5130", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0", }, ], sources: [ { db: "BID", id: "70585", }, { db: "NVD", id: "CVE-2014-3568", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.9.8zb", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-3568", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Akamai Technologies", sources: [ { db: "BID", id: "70585", }, ], trust: 0.3, }, cve: "CVE-2014-3568", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2014-3568", impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2014-3568", trust: 1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2014-3568", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2014-3568", }, { db: "NVD", id: "CVE-2014-3568", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded. \n (* Security fix *)\npatches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n https://www.openssl.org/news/secadv_20141015.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz\n8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz\n21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz\n5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz\n2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz\nfedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz\n6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz\nf7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz\n40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz\n0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nd07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz\n1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz\ncc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz\n\nSlackware x86_64 -current packages:\n500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz\nc483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001\n\nOS X 10.10.2 and Security Update 2015-001 are now available and\naddress the following:\n\nAFP Server\nAvailable for: OS X Mavericks v10.9.5\nImpact: A remote attacker may be able to determine all the network\naddresses of the system\nDescription: The AFP file server supported a command which returned\nall the network addresses of the system. This issue was addressed by\nremoving the addresses from the result. \nCVE-ID\nCVE-2014-4426 : Craig Young of Tripwire VERT\n\nbash\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Multiple vulnerabilities in bash, including one that may\nallow local attackers to execute arbitrary code\nDescription: Multiple vulnerabilities existed in bash. These issues\nwere addressed by updating bash to patch level 57. \nCVE-ID\nCVE-2014-6277\nCVE-2014-7186\nCVE-2014-7187\n\nBluetooth\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer signedness error existed in\nIOBluetoothFamily which allowed manipulation of kernel memory. This\nissue was addressed through improved bounds checking. This issue does\nnot affect OS X Yosemite systems. \nCVE-ID\nCVE-2014-4497\n\nBluetooth\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An error existed in the Bluetooth driver that allowed a\nmalicious application to control the size of a write to kernel\nmemory. The issue was addressed through additional input validation. \nCVE-ID\nCVE-2014-8836 : Ian Beer of Google Project Zero\n\nBluetooth\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple security issues existed in the Bluetooth\ndriver, allowing a malicious application to execute arbitrary code\nwith system privilege. The issues were addressed through additional\ninput validation. \nCVE-ID\nCVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nCFNetwork Cache\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Website cache may not be fully cleared after leaving private\nbrowsing\nDescription: A privacy issue existed where browsing data could\nremain in the cache after leaving private browsing. This issue was\naddressed through a change in caching behavior. \nCVE-ID\nCVE-2014-4460\n\nCoreGraphics\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the\niSIGHT Partners GVP Program\n\nCPU Software\nAvailable for: OS X Yosemite v10.10 and v10.10.1,\nfor: MacBook Pro Retina, MacBook Air (Mid 2013 and later),\niMac (Late 2013 and later), Mac Pro (Late 2013)\nImpact: A malicious Thunderbolt device may be able to affect\nfirmware flashing\nDescription: Thunderbolt devices could modify the host firmware if\nconnected during an EFI update. This issue was addressed by not\nloading option ROMs during updates. \nCVE-ID\nCVE-2014-4498 : Trammell Hudson of Two Sigma Investments\n\nCommerceKit Framework\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: An attacker with access to a system may be able to recover\nApple ID credentials\nDescription: An issue existed in the handling of App Store logs. The\nApp Store process could log Apple ID credentials in the log when\nadditional logging was enabled. This issue was addressed by\ndisallowing logging of credentials. \nCVE-ID\nCVE-2014-4499 : Sten Petersen\n\nCoreGraphics\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Some third-party applications with non-secure text entry and\nmouse events may log those events\nDescription: Due to the combination of an uninitialized variable and\nan application's custom allocator, non-secure text entry and mouse\nevents may have been logged. This issue was addressed by ensuring\nthat logging is off by default. This issue did not affect systems\nprior to OS X Yosemite. \nCVE-ID\nCVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard\n\nCoreGraphics\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nPDF files. The issue was addressed through improved bounds checking. \nThis issue does not affect OS X Yosemite systems. \nCVE-ID\nCVE-2014-8816 : Mike Myers, of Digital Operatives LLC\n\nCoreSymbolication\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple type confusion issues existed in\ncoresymbolicationd's handling of XPC messages. These issues were\naddressed through improved type checking. \nCVE-ID\nCVE-2014-8817 : Ian Beer of Google Project Zero\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Processing a maliciously crafted .dfont file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.dfont files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of font\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4483 : Apple\n\nFoundation\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Viewing a maliciously crafted XML file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the XML parser. This issue\nwas addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4485 : Apple\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Multiple vulnerabilities in Intel graphics driver\nDescription: Multiple vulnerabilities existed in the Intel graphics\ndriver, the most serious of which may have led to arbitrary code\nexecution with system privileges. This update addresses the issues\nthrough additional bounds checks. \nCVE-ID\nCVE-2014-8819 : Ian Beer of Google Project Zero\nCVE-2014-8820 : Ian Beer of Google Project Zero\nCVE-2014-8821 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in\nIOAcceleratorFamily's handling of certain IOService userclient types. \nThis issue was addressed through improved validation of\nIOAcceleratorFamily contexts. \nCVE-ID\nCVE-2014-4486 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A buffer overflow existed in IOHIDFamily. This issue\nwas addressed with improved bounds checking. \nCVE-ID\nCVE-2014-4487 : TaiG Jailbreak Team\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in IOHIDFamily's handling of\nresource queue metadata. This issue was addressed through improved\nvalidation of metadata. \nCVE-ID\nCVE-2014-4488 : Apple\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily's\nhandling of event queues. This issue was addressed through improved\nvalidation of IOHIDFamily event queue initialization. \nCVE-ID\nCVE-2014-4489 : @beist\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription: A bounds checking issue existed in a user client vended\nby the IOHIDFamily driver which allowed a malicious application to\noverwrite arbitrary portions of the kernel address space. The issue\nis addressed by removing the vulnerable user client method. \nCVE-ID\nCVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative\n\nIOKit\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved validation of\nIOKit API arguments. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nIOUSBFamily\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A privileged application may be able to read arbitrary data\nfrom kernel memory\nDescription: A memory access issue existed in the handling of IOUSB\ncontroller user client functions. This issue was addressed through\nimproved argument validation. \nCVE-ID\nCVE-2014-8823 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Specifying a custom cache mode allowed writing to\nkernel read-only shared memory segments. This issue was addressed by\nnot granting write permissions as a side-effect of some custom cache\nmodes. \nCVE-ID\nCVE-2014-4495 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-8824 : @PanguTeam\n\nKernel\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A local attacker can spoof directory service responses to\nthe kernel, elevate privileges, or gain kernel execution\nDescription: Issues existed in identitysvc validation of the\ndirectory service resolving process, flag handling, and error\nhandling. This issue was addressed through improved validation. \nCVE-ID\nCVE-2014-8825 : Alex Radocea of CrowdStrike\n\nKernel\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: Multiple uninitialized memory issues existed in the\nnetwork statistics interface, which led to the disclosure of kernel\nmemory content. This issue was addressed through additional memory\ninitialization. \nCVE-ID\nCVE-2014-4371 : Fermin J. Serna of the Google Security Team\nCVE-2014-4419 : Fermin J. Serna of the Google Security Team\nCVE-2014-4420 : Fermin J. Serna of the Google Security Team\nCVE-2014-4421 : Fermin J. Serna of the Google Security Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5\nImpact: A person with a privileged network position may cause a\ndenial of service\nDescription: A race condition issue existed in the handling of IPv6\npackets. This issue was addressed through improved lock state\nchecking. \nCVE-ID\nCVE-2011-2391\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Maliciously crafted or compromised applications may be able\nto determine addresses in the kernel\nDescription: An information disclosure issue existed in the handling\nof APIs related to kernel extensions. Responses containing an\nOSBundleMachOHeaders key may have included kernel addresses, which\nmay aid in bypassing address space layout randomization protection. \nThis issue was addressed by unsliding the addresses before returning\nthem. \nCVE-ID\nCVE-2014-4491 : @PanguTeam, Stefan Esser\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IOSharedDataQueue objects. This issue was\naddressed through relocation of the metadata. \nCVE-ID\nCVE-2014-4461 : @PanguTeam\n\nLaunchServices\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious JAR file may bypass Gatekeeper checks\nDescription: An issue existed in the handling of application\nlaunches which allowed certain malicious JAR files to bypass\nGatekeeper checks. This issue was addressed through improved handling\nof file type metadata. \nCVE-ID\nCVE-2014-8826 : Hernan Ochoa of Amplia Security\n\nlibnetcore\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious, sandboxed app can compromise the networkd\ndaemon\nDescription: Multiple type confusion issues existed in networkd's\nhandling of interprocess communication. By sending networkd a\nmaliciously formatted message, it may have been possible to execute\narbitrary code as the networkd process. The issue is addressed\nthrough additional type checking. \nCVE-ID\nCVE-2014-4492 : Ian Beer of Google Project Zero\n\nLoginWindow\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A Mac may not lock immediately upon wake\nDescription: An issue existed in the rendering of the lock screen. \nThis issue was address through improved screen rendering while\nlocked. \nCVE-ID\nCVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed\ntesters\n\nlukemftp\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Using the command line ftp tool to fetch files from a\nmalicious http server may lead to arbitrary code execution\nDescription: A command injection issue existed in the handling of\nHTTP redirects. This issue was addressed through improved validation\nof special characters. \nCVE-ID\nCVE-2014-8517\n\nOpenSSL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one\nthat may allow an attacker to downgrade connections to use weaker\ncipher-suites in applications using the library\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8za. \nThese issues were addressed by updating OpenSSL to version 0.9.8zc. \nCVE-ID\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nSandbox\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A design issue existed in the caching of sandbox\nprofiles which allowed sandboxed applications to gain write access to\nthe cache. This issue was addressed by restricting write access to\npaths containing a \"com.apple.sandbox\" segment. This issue does\nnot affect OS X Yosemite v10.10 or later. \nCVE-ID\nCVE-2014-8828 : Apple\n\nSceneKit\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: Multiple out of bounds write issues existed in\nSceneKit. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-8829 : Jose Duart of the Google Security Team\n\nSceneKit\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Viewing a maliciously crafted Collada file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in SceneKit's handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to an unexpected application termination or arbitrary code\nexecution. This issue was addressed through improved validation of\naccessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nSecurity\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A downloaded application signed with a revoked Developer ID\ncertificate may pass Gatekeeper checks\nDescription: An issue existed with how cached application\ncertificate information was evaluated. This issue was addressed with\ncache logic improvements. \nCVE-ID\nCVE-2014-8838 : Apple\n\nsecurity_taskgate\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: An app may access keychain items belonging to other apps\nDescription: An access control issue existed in the Keychain. \nApplications signed with self-signed or Developer ID certificates\ncould access keychain items whose access control lists were based on\nkeychain groups. This issue was addressed by validating the signing\nidentity when granting access to keychain groups. \nCVE-ID\nCVE-2014-8831 : Apple\n\nSpotlight\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: The sender of an email could determine the IP address of the\nrecipient\nDescription: Spotlight did not check the status of Mail's \"Load\nremote content in messages\" setting. This issue was addressed by\nimproving configuration checking. \nCVE-ID\nCVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of\nLastFriday.no\n\nSpotlight\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: Spotlight may save unexpected information to an external\nhard drive\nDescription: An issue existed in Spotlight where memory contents may\nhave been written to external hard drives when indexing. This issue\nwas addressed with better memory management. \nCVE-ID\nCVE-2014-8832 : F-Secure\n\nSpotlightIndex\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Spotlight may display results for files not belonging to the\nuser\nDescription: A deserialization issue existed in Spotlight's handling\nof permission caches. A user performing a Spotlight query may have\nbeen shown search results referencing files for which they don't have\nsufficient privileges to read. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2014-8833 : David J Peacock, Independent Technology Consultant\n\nsysmond\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 and v10.10.1\nImpact: A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription: A type confusion vulnerability existed in sysmond that\nallowed a local application to escalate privileges. The issue was\naddressed with improved type checking. \nCVE-ID\nCVE-2014-8835 : Ian Beer of Google Project Zero\n\nUserAccountUpdater\nAvailable for: OS X Yosemite v10.10 and v10.10.1\nImpact: Printing-related preference files may contain sensitive\ninformation about PDF documents\nDescription: OS X Yosemite v10.10 addressed an issue in the handling\nof password-protected PDF files created from the Print dialog where\npasswords may have been included in printing preference files. This\nupdate removes such extraneous information that may have been present\nin printing preference files. \nCVE-ID\nCVE-2014-8834 : Apple\n\nNote: OS X Yosemite 10.10.2 includes the security content of Safari\n8.0.3. For further details see https://support.apple.com/kb/HT204243\n\n\nOS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained\nfrom the Mac App Store or Apple's Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\n\niQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F\nN9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET\nD1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG\nLqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX\nFcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6\n8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/\nqmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW\ngzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V\n0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA\n0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns\nsAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq\nnggZl3Sa+QhfaHSUqSJI\n=uAqk\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 26, 2014\n Bugs: #494816, #519264, #525468\n ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2\n >= 1.0.1j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-6449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[ 2 ] CVE-2013-6450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[ 3 ] CVE-2014-3505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[ 4 ] CVE-2014-3506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[ 5 ] CVE-2014-3507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[ 6 ] CVE-2014-3509\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[ 7 ] CVE-2014-3510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[ 8 ] CVE-2014-3511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[ 9 ] CVE-2014-3512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nRelease Date: 2015-03-16\nLast Updated: 2015-05-20\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Insight\nControl running OpenSSL. These vulnerabilities include the SSLv3\nvulnerability known as \"Padding Oracle on Downgraded Legacy Encryption\" or\n\"POODLE\", which could be exploited remotely to allow disclosure of\ninformation. \n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT101920\nSSRT101921\nSSRT101922\nSSRT101894\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control impacted software components and versions\n\nHP Insight Control 7.2, 7.3 and 7.4\n\n HP Insight Control server migration v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2 v7.3.3 and v 7.4.0\n\nHP Systems Insight Manager (SIM) v7.2.0, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.4.0, and 7.4.0a for Linux and Windows bundled with the following software:\n\nHP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows\nHP Version Control Agent (VCA) v7.2.0, v7.2.2, v7.3.0, v7.3.1, v7.3.2 and\nv7.3.3 for Windows\nHP Version Control Agent (VCA) v7.2.0, v7.2.2(A), v7.3.0, v7.3.2 and v7.3.3\nfor Linux\nHP Version Control Repository Manager (VCRM) v7.2.0, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2, v7.3.3, v7.3.4, v7.4.0, and 7.4.0a for Windows\nHP Version Control Repository Manager (VCRM) v7.2.0, v7.3.4, v7.4.0 and\nv7.4.0a for Linux\n\nHP System Management Homepage (SMH) v7.2, v7.2.1, v7.2.2, v7.3.0, v7.3.1,\nv7.3.2, v7.3.3, v7.4.0, and 7.4.0a for Linux and Windows\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software updates to resolve these\nvulnerabilities in HP Insight Control 7.2. The HP Insight Control 7.2.1\nUpdate kit applicable to HP Insight Control 7.2.x installations is available\nat the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPICE\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \n\nHP has addressed these vulnerabilities for the impacted software components\nbundled with HP Insight Control in the following HP Security Bulletins:\n\nHP Insight Control software components\n HP Security Bulletin\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03261\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571454\n\nHP System Management Homepage (SMH)\n HPSBMU03260\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571379\n\nHP Version Control Agent (VCA)\n HPSBMU03262\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04571956\n\nVersion Control Repository Manager (VCRM)\n HPSBMU03259\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c04570627\n\nHISTORY\nVersion:1 (rev.1) - 16 March 2015 Initial release\nVersion:2 (rev.2) - 14 April 2015 Incorrect version in Resolution\nVersion:3 (rev.3) - 20 May 2015 Updated impacted versions\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2015-0001\nSynopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion\n updates address security issues\nIssue date: 2015-01-27\nUpdated on: 2015-01-27 (Initial Advisory)\nCVE number: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044\n\n --- OPENSSL---\n CVE-2014-3513, CVE-2014-3567,CVE-2014-3566, CVE-2014-3568\n\n --- libxml2 ---\n CVE-2014-3660\n- ------------------------------------------------------------------------\n\n1. Summary\n\n VMware vCenter Server, ESXi, Workstation, Player and Fusion address\n several security issues. \n \n2. Relevant Releases\n\n VMware Workstation 10.x prior to version 10.0.5\n \n VMware Player 6.x prior to version 6.0.5\n\n VMware Fusion 7.x prior to version 7.0.1\n VMware Fusion 6.x prior to version 6.0.5\n\n vCenter Server 5.5 prior to Update 2d\n\n ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG\n ESXi 5.1 without patch ESXi510-201404101-SG\n ESXi 5.0 without patch ESXi500-201405101-SG\n\n3. Problem Description \n\n a. VMware ESXi, Workstation, Player, and Fusion host privilege\n escalation vulnerability\n\n VMware ESXi, Workstation, Player and Fusion contain an arbitrary \n file write issue. Exploitation this issue may allow for privilege\n escalation on the host. \n\n The vulnerability does not allow for privilege escalation from \n the guest Operating System to the host or vice-versa. This means\n that host memory can not be manipulated from the Guest Operating\n System. \n\n Mitigation\n \n For ESXi to be affected, permissions must have been added to ESXi\n (or a vCenter Server managing it) for a virtual machine \n administrator role or greater. \n\n VMware would like to thank Shanon Olsson for reporting this issue to\n us through JPCERT. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2014-8370 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n Workstation 11.x any not affected\n Workstation 10.x any 10.0.5\n\n Player 7.x any not affected\n Player 6.x any 6.0.5\n\n Fusion 7.x any not affected\n Fusion 6.x any 6.0.5\n\n ESXi 5.5 ESXi ESXi550-201403102-SG\n ESXi 5.1 ESXi ESXi510-201404101-SG \n ESXi 5.0 ESXi ESXi500-201405101-SG\n\n b. VMware Workstation, Player, and Fusion Denial of Service \n vulnerability\n\n VMware Workstation, Player, and Fusion contain an input validation \n issue in the Host Guest File System (HGFS). This issue may allow\n for a Denial of Service of the Guest Operating system. \n\n VMware would like to thank Peter Kamensky from Digital Security for \n reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2015-1043 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n Workstation 11.x any not affected\n Workstation 10.x any 10.0.5\n\n Player 7.x any not affected\n Player 6.x any 6.0.5\n\n Fusion 7.x any 7.0.1\n Fusion 6.x any 6.0.5\n\n c. VMware ESXi, Workstation, and Player Denial of Service \n vulnerability\n\n VMware ESXi, Workstation, and Player contain an input\n validation issue in VMware Authorization process (vmware-authd). \n This issue may allow for a Denial of Service of the host. On \n VMware ESXi and on Workstation running on Linux the Denial of\n Service would be partial. \n\n VMware would like to thank Dmitry Yudin @ret5et for reporting\n this issue to us through HP's Zero Day Initiative. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2015-1044 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n Workstation 11.x any not affected\n Workstation 10.x any 10.0.5\n\n Player 7.x any not affected\n Player 6.x any 6.0.5\n\n Fusion 7.x any not affected\n Fusion 6.x any not affected\n\n ESXi 5.5 ESXi ESXi550-201501101-SG\n ESXi 5.1 ESXi ESXi510-201410101-SG\n ESXi 5.0 ESXi not affected\n\n d. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2014-3513, CVE-2014-3567, \n CVE-2014-3566 (\"POODLE\") and CVE-2014-3568 to these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n vCenter Server 5.5 any Update 2d*\n vCenter Server 5.1 any patch pending\n vCenter Server 5.0 any patch pending\n\n ESXi 5.5 ESXi ESXi550-201501101-SG \n ESXi 5.1 ESXi patch pending\n ESXi 5.0 ESXi patch pending\n\n * The VMware vCenter 5.5 SSO component will be \n updated in a later release\n \n e. Update to ESXi libxml2 package\n\n The libxml2 library is updated to version libxml2-2.7.6-17\n to resolve a security issue. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2014-3660 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n ESXi 5.5 ESXi ESXi550-201501101-SG \n ESXi 5.1 ESXi patch pending\n ESXi 5.0 ESXi patch pending\n \n4. Solution\n\n Please review the patch/release notes for your product and \n version and verify the checksum of your downloaded file. \n\n VMware Workstation 10.x\n -------------------------------- \n https://www.vmware.com/go/downloadworkstation \n\n VMware Player 6.x\n -------------------------------- \n https://www.vmware.com/go/downloadplayer \n\n VMware Fusion 7.x and 6.x\n -------------------------------- \n https://www.vmware.com/go/downloadplayer \n\n vCenter Server\n ----------------------------\n Downloads and Documentation: \n https://www.vmware.com/go/download-vsphere \n\n ESXi 5.5 Update 2d\n ----------------------------\n File: update-from-esxi5.5-5.5_update01.zip\n md5sum: 5773844efc7d8e43135de46801d6ea25\n sha1sum: 6518355d260e81b562c66c5016781db9f077161f\n http://kb.vmware.com/kb/2065832\n update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG\n\n ESXi 5.5\n ----------------------------\n File: ESXi550-201501001.zip\n md5sum: b0f2edd9ad17d0bae5a11782aaef9304\n sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1\n http://kb.vmware.com/kb/2099265\n ESXi550-201501001.zip contains ESXi550-201501101-SG\n\n ESXi 5.1\n ----------------------------\n File: ESXi510-201404001.zip\n md5sum: 9dc3c9538de4451244a2b62d247e52c4\n sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66\n http://kb.vmware.com/kb/2070666\n ESXi510-201404001 contains ESXi510-201404101-SG\n\n ESXi 5.0\n ----------------------------\n File: ESXi500-201405001.zip\n md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d\n sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5\n http://kb.vmware.com/kb/2075521\n ESXi500-201405001 contains ESXi500-201405101-SG\n \n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2015-01-27 VMSA-2015-0001\n Initial security advisory in conjunction with the release of VMware\n Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d\n and, ESXi 5.5 Patches released on 2015-01-27. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n Consolidated list of VMware Security Advisories\n http://kb.vmware.com/kb/2078735\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2015 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.0 (Build 8741)\nCharset: utf-8\n\nwj8DBQFUx/+UDEcm8Vbi9kMRAmzrAKDG7u8ZTSlfQzU3eFphjebNgDkW2ACfZ9JE\nc75UD0ctlJx5607JuLfnb6Y=\n=IxpT\n-----END PGP SIGNATURE-----\n. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \nCorrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)\n 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)\n 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)\n 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)\n 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)\n 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)\n 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)\n 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)\nCVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit <URL:http://security.FreeBSD.org/>. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. Problem Description\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak. [CVE-2014-3513]. \n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. [CVE-2014-3567]. \n\nThe SSL protocol 3.0, as supported in OpenSSL and other products, supports\nCBC mode encryption where it could not adequately check the integrity of\npadding, because of the use of non-deterministic CBC padding. This\nprotocol weakness makes it possible for an attacker to obtain clear text\ndata through a padding-oracle attack. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE [CVE-2014-3566]. \n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol downgrade. [CVE-2014-3568]. \n\nIII. Impact\n\nA remote attacker can cause Denial of Service with OpenSSL 1.0.1\nserver implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. [CVE-2014-3513]\n\nBy sending a large number of invalid session tickets an attacker\ncould exploit this issue in a Denial Of Service attack. \n[CVE-2014-3567]. \n\nAn active man-in-the-middle attacker can force a protocol downgrade\nto SSLv3 and exploit the weakness of SSLv3 to obtain clear text data\nfrom the connection. [CVE-2014-3566] [CVE-2014-3568]\n\nIV. Workaround\n\nNo workaround is available. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 8.4, 9.1 and 9.2]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch < /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r273151\nreleng/8.4/ r273416\nstable/9/ r273151\nreleng/9.1/ r273415\nreleng/9.2/ r273415\nreleng/9.3/ r273415\nstable/10/ r273149\nreleng/10.0/ r273415\nreleng/10.1/ r273399\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>\n\nVII", sources: [ { db: "NVD", id: "CVE-2014-3568", }, { db: "BID", id: "70585", }, { db: "VULMON", id: "CVE-2014-3568", }, { db: "PACKETSTORM", id: "128704", }, { db: "PACKETSTORM", id: "132467", }, { db: "PACKETSTORM", id: "130132", }, { db: "PACKETSTORM", id: "129721", }, { db: "PACKETSTORM", id: "132085", }, { db: "PACKETSTORM", id: "130144", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "133617", }, { db: "PACKETSTORM", id: "128808", }, ], trust: 2.07, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-3568", trust: 2.3, }, { db: "BID", id: "70585", trust: 1.4, }, { db: "SECTRACK", id: "1031053", trust: 1.1, }, { db: "SECUNIA", id: "62124", trust: 1.1, }, { db: "SECUNIA", id: "61207", trust: 1.1, }, { db: "SECUNIA", id: "61819", trust: 1.1, }, { db: "SECUNIA", id: "61058", trust: 1.1, }, { db: "SECUNIA", id: "61959", trust: 1.1, }, { db: "SECUNIA", id: "59627", trust: 1.1, }, { db: "SECUNIA", id: "61130", trust: 1.1, }, { db: "SECUNIA", id: "62070", trust: 1.1, }, { db: "SECUNIA", id: "62030", trust: 1.1, }, { db: "SECUNIA", id: "61073", trust: 1.1, }, { db: "MCAFEE", id: "SB10091", trust: 1.1, }, { db: "VULMON", id: "CVE-2014-3568", trust: 0.1, }, { db: "PACKETSTORM", id: "128704", trust: 0.1, }, { db: "PACKETSTORM", id: "132467", trust: 0.1, }, { db: "PACKETSTORM", id: "130132", trust: 0.1, }, { db: "PACKETSTORM", id: "129721", trust: 0.1, }, { db: "PACKETSTORM", id: "132085", trust: 0.1, }, { db: "PACKETSTORM", id: "130144", trust: 0.1, }, { db: "PACKETSTORM", id: "132081", trust: 0.1, }, { db: "PACKETSTORM", id: "133617", trust: 0.1, }, { db: "PACKETSTORM", id: "128808", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2014-3568", }, { db: "BID", id: "70585", }, { db: "PACKETSTORM", id: "128704", }, { db: "PACKETSTORM", id: "132467", }, { db: "PACKETSTORM", id: "130132", }, { db: "PACKETSTORM", id: "129721", }, { db: "PACKETSTORM", id: "132085", }, { db: "PACKETSTORM", id: "130144", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "133617", }, { db: "PACKETSTORM", id: "128808", }, { db: "NVD", id: "CVE-2014-3568", }, ], }, id: "VAR-201410-1151", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.395238084, }, last_update_date: "2024-06-17T11:32:57.198000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Red Hat: CVE-2014-3568", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2014-3568", }, { title: "Apple: Xcode 7.0", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=768a45894d5a25fbf47fbec8f017a52b", }, { title: "Debian Security Advisories: DSA-3053-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=89bdef3607a7448566a930eca0e94cb3", }, { title: "Amazon Linux AMI: ALAS-2014-427", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2014-427", }, { title: "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=374cff59719675d8235f907c21b99bfc", }, { title: "VMware Security Advisories: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=6e6083adbf6a5be47af800d437e987a5", }, { title: "Apple: OS X Yosemite v10.10.2 and Security Update 2015-001", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=64cbe709a7be49c91d8a8b0f43621640", }, { title: "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=eb059834b7f24e2562bcf592b6d0afbc", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3568", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-310", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2014-3568", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.5, url: "https://www.openssl.org/news/secadv_20141015.txt", }, { trust: 1.4, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", }, { trust: 1.4, url: "https://support.citrix.com/article/ctx216642", }, { trust: 1.2, url: "http://security.gentoo.org/glsa/glsa-201412-39.xml", }, { trust: 1.1, url: "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=141477196830952&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142103967620673&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142495837901899&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142624590206005&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142791032306609&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142804214608580&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143290437727362&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143290522027658&w=2", }, { trust: 1.1, url: "http://secunia.com/advisories/59627", }, { trust: 1.1, url: "http://secunia.com/advisories/61058", }, { trust: 1.1, url: "http://secunia.com/advisories/61073", }, { trust: 1.1, url: "http://secunia.com/advisories/61130", }, { trust: 1.1, url: "http://secunia.com/advisories/61207", }, { trust: 1.1, url: "http://secunia.com/advisories/61819", }, { trust: 1.1, url: "http://secunia.com/advisories/61959", }, { trust: 1.1, url: "http://secunia.com/advisories/62030", }, { trust: 1.1, url: "http://secunia.com/advisories/62070", }, { trust: 1.1, url: "http://secunia.com/advisories/62124", }, { trust: 1.1, url: "http://support.apple.com/ht204244", }, { trust: 1.1, url: "http://www.debian.org/security/2014/dsa-3053", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/70585", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1031053", }, { trust: 1.1, url: "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", }, { trust: 1.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/97037", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10091", }, { trust: 1.1, url: "https://support.apple.com/ht205217", }, { trust: 1, url: "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=26a59d9b46574e457870197dffa802871b4c8fc7", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3567", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3568", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3513", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3566", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3509", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2014-5139", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3511", }, { trust: 0.3, url: "http://www.openssl.org", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21691210", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/feb/151", }, { trust: 0.3, url: "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 ", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 ", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21686792", }, { trust: 0.3, url: "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21884030", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959134", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21691005", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21688284", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697995", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697165", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21689482", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701452", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21693662", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689347", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689743", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689332", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21691140", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21688762", }, { trust: 0.3, url: "http://seclists.org/fulldisclosure/2015/jan/108", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101009000", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699200", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700489", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687863", }, { trust: 0.3, url: "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3508", }, { trust: 0.3, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566", }, { trust: 0.2, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_", }, { trust: 0.2, url: "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber", }, { trust: 0.2, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/310.html", }, { trust: 0.1, url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7", }, { trust: 0.1, url: "https://www.rapid7.com/db/vulnerabilities/apple-osx-openssl-cve-2014-3568", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3568", }, { trust: 0.1, url: "https://www.rapid7.com/db/vulnerabilities/hpux-cve-2014-3569", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=37192", }, { trust: 0.1, url: "http://slackware.com", }, { trust: 0.1, url: "http://osuosl.org)", }, { trust: 0.1, url: "http://slackware.com/gpg-key", }, { trust: 0.1, url: "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04486577-1", }, { trust: 0.1, url: "https://technet.microsoft.com/library/security/3009008", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4426", }, { trust: 0.1, url: "http://support.apple.com/kb/ht1222", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4485", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4484", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4421", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4483", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4491", }, { trust: 0.1, url: "http://www.apple.com/support/downloads/", }, { trust: 0.1, url: "https://support.apple.com/kb/ht204243", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-2391", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4487", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4481", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4419", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4420", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4488", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4489", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-1595", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4498", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4497", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4460", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4492", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4499", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4389", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4461", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4486", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4495", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-6277", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-4371", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-6450", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-6449", }, { trust: 0.1, url: "http://security.gentoo.org/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3505", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3512", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3510", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3507", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3506", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511", }, { trust: 0.1, url: "https://twitter.com/vmwaresrc", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1044", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1044", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2078735", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2070666", }, { trust: 0.1, url: "http://www.vmware.com/security/advisories", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1043", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8370", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2075521", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2065832", }, { trust: 0.1, url: "http://kb.vmware.com/kb/1055", }, { trust: 0.1, url: "https://www.vmware.com/go/downloadplayer", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3660", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1043", }, { trust: 0.1, url: "https://www.vmware.com/support/policies/lifecycle.html", }, { trust: 0.1, url: "https://www.vmware.com/go/downloadworkstation", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3660", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2099265", }, { trust: 0.1, url: "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce", }, { trust: 0.1, url: "https://www.vmware.com/support/policies/security_response.html", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8370", }, { trust: 0.1, url: "https://www.vmware.com/go/download-vsphere", }, { trust: 0.1, url: "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5910", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3185", }, { trust: 0.1, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.1, url: "https://developer.apple.com/xcode/downloads/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-6394", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0251", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5909", }, { trust: 0.1, url: "http://gpgtools.org", }, { trust: 0.1, url: "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch", }, { trust: 0.1, url: "http://www.freebsd.org/handbook/makeworld.html>.", }, { trust: 0.1, url: "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch.asc", }, { trust: 0.1, url: "http://svnweb.freebsd.org/base?view=revision&revision=nnnnnn>", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513>", }, { trust: 0.1, url: "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch.asc", }, { trust: 0.1, url: "http://security.freebsd.org/>.", }, { trust: 0.1, url: "http://security.freebsd.org/advisories/freebsd-sa-14:23.openssl.asc>", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566>", }, { trust: 0.1, url: "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch", }, { trust: 0.1, url: "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568>", }, { trust: 0.1, url: "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch.asc", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567>", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3568", }, { db: "BID", id: "70585", }, { db: "PACKETSTORM", id: "128704", }, { db: "PACKETSTORM", id: "132467", }, { db: "PACKETSTORM", id: "130132", }, { db: "PACKETSTORM", id: "129721", }, { db: "PACKETSTORM", id: "132085", }, { db: "PACKETSTORM", id: "130144", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "133617", }, { db: "PACKETSTORM", id: "128808", }, { db: "NVD", id: "CVE-2014-3568", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2014-3568", }, { db: "BID", id: "70585", }, { db: "PACKETSTORM", id: "128704", }, { db: "PACKETSTORM", id: "132467", }, { db: "PACKETSTORM", id: "130132", }, { db: "PACKETSTORM", id: "129721", }, { db: "PACKETSTORM", id: "132085", }, { db: "PACKETSTORM", id: "130144", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "133617", }, { db: "PACKETSTORM", id: "128808", }, { db: "NVD", id: "CVE-2014-3568", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2014-10-19T00:00:00", db: "VULMON", id: "CVE-2014-3568", }, { date: "2014-10-15T00:00:00", db: "BID", id: "70585", }, { date: "2014-10-17T00:03:05", db: "PACKETSTORM", id: "128704", }, { date: "2015-06-29T15:35:42", db: "PACKETSTORM", id: "132467", }, { date: "2015-01-28T00:36:53", db: "PACKETSTORM", id: "130132", }, { date: "2014-12-26T15:46:37", db: "PACKETSTORM", id: "129721", }, { date: "2015-05-29T23:37:43", db: "PACKETSTORM", id: "132085", }, { date: "2015-01-28T18:22:00", db: "PACKETSTORM", id: "130144", }, { date: "2015-05-29T23:37:11", db: "PACKETSTORM", id: "132081", }, { date: "2015-09-19T15:31:48", db: "PACKETSTORM", id: "133617", }, { date: "2014-10-22T19:54:29", db: "PACKETSTORM", id: "128808", }, { date: "2014-10-19T01:55:13.980000", db: "NVD", id: "CVE-2014-3568", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-11-15T00:00:00", db: "VULMON", id: "CVE-2014-3568", }, { date: "2016-09-09T15:00:00", db: "BID", id: "70585", }, { date: "2023-11-07T02:20:13.390000", db: "NVD", id: "CVE-2014-3568", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "70585", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL 'no-ssl3' Build Option Security Bypass Vulnerability", sources: [ { db: "BID", id: "70585", }, ], trust: 0.3, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Design Error", sources: [ { db: "BID", id: "70585", }, ], trust: 0.3, }, }
var-201501-0338
Vulnerability from variot
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 2.1.1 security update Advisory ID: RHSA-2016:1650-01 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1650.html Issue date: 2016-08-22 CVE Names: CVE-2014-3570 CVE-2015-0204 CVE-2016-2105 CVE-2016-2106 CVE-2016-3110 CVE-2016-5387 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Web Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1 Release Notes, linked to in the References section, for information on the most significant of these changes.
Security Fix(es):
-
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)
-
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
The References section of this erratum contains a download link (you must log in to download the update).
Refer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a list of non security related fixes.
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1337151 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0] 1337155 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0] 1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header 1358118 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-5387 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=distributions&version=2.1.1 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html https://access.redhat.com/site/documentation/ https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html https://access.redhat.com/security/vulnerabilities/httpoxy
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXuz/AXlSAg2UNWIIRAnGKAJ9OG0AmFsej7cbv8xXILF5Lo7krOACdHUkC VkvGRKSu76E7WPtB8TOdqyw= =7UQL -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion (CVE-2015-0206).
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference (CVE-2014-3569). This effectively removes forward secrecy from the ciphersuite (CVE-2014-3572). A server could present a weak temporary key and downgrade the security of the session (CVE-2015-0204).
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered (CVE-2015-0205).
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected (CVE-2014-8275).
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0338", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "jre 1.7.0 17", scope: null, trust: 1.8, vendor: "oracle", version: null, }, { model: "capssuite", scope: "eq", trust: 1.6, vendor: "nec", version: "v4 to v5.1", }, { model: "csview", scope: "eq", trust: 1.6, vendor: "nec", version: "/faq navigator", }, { model: "csview", scope: "eq", trust: 1.6, vendor: "nec", version: "/web questionnaire", }, { model: "enterprisedirectoryserver", scope: "eq", trust: 1.6, vendor: "nec", version: "ver6.0 to ver8.0", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "/sg series intersecvm/sg v1.2", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "v3.0", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "v3.1", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "v4.0", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "/sg series sg3600lm/lg/lj v6.1", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "v6.2", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "v7.0", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "v7.1", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "v8.0", }, { model: "express5800", scope: "eq", trust: 1.6, vendor: "nec", version: "/sg series univerge sg3000lg/lj", }, { model: "infocage", scope: "eq", trust: 1.6, vendor: "nec", version: "security risk management v1.0.2 to v2.1.4", }, { model: "istorage", scope: "eq", trust: 1.6, vendor: "nec", version: "a series", }, { model: "istorage", scope: "eq", trust: 1.6, vendor: "nec", version: "d series", }, { model: "istorage", scope: "eq", trust: 1.6, vendor: "nec", version: "e series", }, { model: "istorage", scope: "eq", trust: 1.6, vendor: "nec", version: "m series (nas including options )", }, { model: "istorage", scope: "eq", trust: 1.6, vendor: "nec", version: "s series", }, { model: "secureware/pki application development kit", scope: "eq", trust: 1.6, vendor: "nec", version: "ver3.0", }, { model: "secureware/pki application development kit", scope: "eq", trust: 1.6, vendor: "nec", version: "ver3.01", }, { model: "secureware/pki application development kit", scope: "eq", trust: 1.6, vendor: "nec", version: "ver3.02", }, { model: "secureware/pki application development kit", scope: "eq", trust: 1.6, vendor: "nec", version: "ver3.1", }, { model: "webotx", scope: "eq", trust: 1.6, vendor: "nec", version: "enterprise edition v4.2 to v6.5", }, { model: "webotx", scope: "eq", trust: 1.6, vendor: "nec", version: "uddi registry v1.1 to v7.1", }, { model: "webotx", scope: "eq", trust: 1.6, vendor: "nec", version: "web edition v4.1 to v6.5", }, { model: "webotx application server", scope: "eq", trust: 1.6, vendor: "nec", version: "enterprise edition v7.1", }, { model: "webotx application server", scope: "eq", trust: 1.6, vendor: "nec", version: "enterprise v8.2 to v9.2", }, { model: "webotx application server", scope: "eq", trust: 1.6, vendor: "nec", version: "express v8.2 to v9.2", }, { model: "webotx application server", scope: "eq", trust: 1.6, vendor: "nec", version: "foundation v8.2 to v8.5", }, { model: "webotx application server", scope: "eq", trust: 1.6, vendor: "nec", version: "web edition v7.1 to v8.1", }, { model: "webotx enterprise service bus", scope: "eq", trust: 1.6, vendor: "nec", version: "v6.4 to v9.2", }, { model: "webotx portal", scope: "eq", trust: 1.6, vendor: "nec", version: "v8.2 to v9.1", }, { model: "websam", scope: "eq", trust: 1.6, vendor: "nec", version: "jobcenter cl/web r13.1", }, { model: "websam", scope: "eq", trust: 1.6, vendor: "nec", version: "jobcenter cl/web r13.2", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1j", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1e", }, { model: "jdk 1.7.0 17", scope: null, trust: 1.5, vendor: "oracle", version: null, }, { model: "jdk 1.7.0 13", scope: null, trust: 1.5, vendor: "oracle", version: null, }, { model: "jre 1.6.0 43", scope: null, trust: 1.5, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 39", scope: null, trust: 1.5, vendor: "oracle", version: null, }, { model: "jre 1.5.0:update 65", scope: null, trust: 1.2, vendor: "oracle", version: null, }, { model: "jdk update", scope: "eq", trust: 1.2, vendor: "oracle", version: "1.7.072", }, { model: "jdk update", scope: "eq", trust: 1.2, vendor: "oracle", version: "1.8.025", }, { model: "jre update", scope: "eq", trust: 1.2, vendor: "oracle", version: "1.6.085", }, { model: "jdk 1.6.0 43", scope: null, trust: 1.2, vendor: "oracle", version: null, }, { model: "jre 1.7.0 45", scope: null, trust: 1.2, vendor: "oracle", version: null, }, { model: "jre 1.6.0 38", scope: null, trust: 1.2, vendor: "oracle", version: null, }, { model: "jdk update", scope: "eq", trust: 1.2, vendor: "oracle", version: "1.6.085", }, { model: "jre 1.7.0 13", scope: null, trust: 1.2, vendor: "oracle", version: null, }, { model: "jre update", scope: "eq", trust: 1.2, vendor: "oracle", version: "1.8.025", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.2.5", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0o", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "lte", trust: 1, vendor: "openssl", version: "0.9.8zc", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "jre 17", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.6.0 31", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.7.0 8", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.7.0 21", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 32", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.081", }, { model: "jre 1.5.0 39", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 40", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 16", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.6.0 65", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 14", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 1.5.0 55", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 1.6.0 41", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0:update 75", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.7.0:update 60", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.5.0 61", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 1.6.0 03", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.7.0 2", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 10", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jdk 1.5.0:update 65", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 45", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.6.0 41", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.081", }, { model: "jre 1.5.0 11", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.6.0:update 75", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.840", }, { model: "jre 1.6.0 39", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 40", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.6.0 23", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 60", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.7.0 51", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 35", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.5.0 25", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.5.0 32", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.072", }, { model: "jdk 1.7.0 45", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.691", }, { model: "jre 07", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.5.0 55", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.8.0:update 5", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 29", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.6.0 28", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 11", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.5.0 17", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.8.0:update 5", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.5.0 27", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.6.0 60", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 03", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.7.0 4", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.776", }, { model: "jdk 01", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 1.6.0 28", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 26", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.7.0 10", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.7.0 14", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.7.0 10", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 45", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.7.0 15", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 10", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.7.0 21", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 71", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 1.5.0 23", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jdk 1.5.0 26", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.7.0 40", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 61", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.5.0 29", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.6.0 40", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.581", }, { model: "jdk 1.5.0 31", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 16", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.5.0 20", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.5.0 30", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 18", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 11", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.5.071", }, { model: "jdk 0 10", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.5.0 10", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.6.0 24", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 41", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 27", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 03", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.5.0 33", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.581", }, { model: "jre 1.5.0 14", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.5.0 24", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.7.0 25", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 32", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.7.0 2", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.5.0 25", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.6.0 24", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk .0 05", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 1.5.0 41", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.5.0 28", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.7.0 12", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 13", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.6.0 15", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.5.075", }, { model: "jre 1.7.0 9", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 21", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 15", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.6.0 18", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.6.0 22", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 32", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.5.0 31", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.7.0 8", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 21", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.7.0 25", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.5.0 38", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 37", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 27", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 15", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.840", }, { model: "jre 1.6.0 02", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.5.0 28", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.6.0 30", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 45", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.7.0 51", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.5.075", }, { model: "jre 15", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 17", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jdk 1.5.0 12", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.6.0 71", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 51", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 13", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.020", }, { model: "jre 1.5.0 26", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.7.0 40", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 26", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.5.0 30", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.7.0 15", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.5.0 39", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.7.0 14", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 17", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk 18", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jdk", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7", }, { model: "jre 1.6.0 30", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 02", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.7.0 11", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 01", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 12", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jdk 07", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jdk 14", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 02", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.5.0 12", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 13", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.691", }, { model: "jre 1.5.0 13", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.6.0 25", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 22", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: "jre 1.5.0 35", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.5.0 45", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 23", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 65", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 20", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.5.0 51", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 27", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.7.0:update 60", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.067", }, { model: "jdk 1.7.0 12", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre 04", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jdk 1.5.0 38", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.7.0 11", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.5.071", }, { model: "jdk 1.7.0 4", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.6.0 19", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.067", }, { model: "jdk 1.5.0 20", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.5.0 23", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.6.0 22", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 06", scope: "eq", trust: 0.9, vendor: "sun", version: "1.6", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.776", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.020", }, { model: "jre 1.6.0 25", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jre 1.5.0 40", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.7.0 9", scope: null, trust: 0.9, vendor: "oracle", version: null, }, { model: "jdk 1.6.0 18", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.6.0 19", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 1.6.0 14", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jdk 1.5.0 33", scope: null, trust: 0.9, vendor: "sun", version: null, }, { model: "jre 22", scope: "eq", trust: 0.9, vendor: "sun", version: "1.5", }, { model: null, scope: null, trust: 0.8, vendor: "apple", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "google", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "microsoft", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "nec", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "openssl", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "opera", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "research in motion rim", version: null, }, { model: "enterpriseidentitymanager", scope: "eq", trust: 0.8, vendor: "nec", version: null, }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "hs series", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "standard edition v4.2 to v6.5", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "standard-j edition v4.1 to v6.5", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard edition v7.1", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard v8.2 to v9.2", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard-j edition v7.1 to v8.1", }, { model: "webotx sip application server", scope: "eq", trust: 0.8, vendor: "nec", version: "standard edition v7.1 to v8.1", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator v3.1.0.x to v4.1.0.x", }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "hs series all versions", }, { model: "sparc enterprise m3000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 5.2", }, { model: "cosminexus studio", scope: "eq", trust: 0.8, vendor: "hitachi", version: "version 5", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.5.1.1", }, { model: "jdk", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "6 update 21 and earlier", }, { model: "xcp", scope: "eq", trust: 0.8, vendor: "oracle", version: "2260", }, { model: "ucosminexus client", scope: "eq", trust: 0.8, vendor: "hitachi", version: "none", }, { model: "sparc enterprise m4000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "ix3000 series", scope: "eq", trust: 0.8, vendor: "nec", version: "ver.8.7.22 all subsequent versions", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.63", }, { model: "ucosminexus developer standard", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "enterpriseidentitymanager", scope: "eq", trust: 0.8, vendor: "nec", version: "ver2.0 to 8.0", }, { model: "jre", scope: "lte", trust: 0.8, vendor: "oracle", version: "5.0 update 81 and earlier", }, { model: "ucosminexus application server smart edition", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.3.0.0", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "st ard-j edition v7.1 to v8.1", }, { model: "mysql", scope: "lte", trust: 0.8, vendor: "oracle", version: "5.6.22 and earlier", }, { model: "cosminexus developer version 5", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "jre", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "5.0 update 33 and earlier", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "st ard edition v4.2 to v6.5", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10 to 10.10.2", }, { model: "cosminexus developer standard version 6", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "xcp", scope: "lt", trust: 0.8, vendor: "oracle", version: "(fujitsu m10-1/m10-4/m10-4s server )", }, { model: "cosminexus developer professional version 6", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "database", scope: "eq", trust: 0.8, vendor: "oracle", version: "server 12.1.0.2", }, { model: "cosminexus primary server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "base (hs15-019)", }, { model: "application server", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "sparc enterprise m5000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "ucosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "professional for plug-in", }, { model: "web server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "none", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle business intelligence enterprise edition 11.1.1.7", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- messaging", }, { model: "cosminexus application server version 5", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.71", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r3", }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.0p", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.6.1.0.0", }, { model: "express5800", scope: "eq", trust: 0.8, vendor: "nec", version: "/sigmablade em card (n8405-019/019a/043) firmware rev.14.02 before", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "3.0", }, { model: "cosminexus developer's kit for java", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "database", scope: "eq", trust: 0.8, vendor: "oracle", version: "server 12.1.0.1", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "certd 10.0", }, { model: "ucosminexus developer light", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "st ard v8.2 to v9.2", }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "nv7500/nv5500/nv3500 series", }, { model: "cosminexus developer light version 6", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "ucosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "st ard-r", }, { model: "ucosminexus service platform", scope: "eq", trust: 0.8, vendor: "hitachi", version: "none", }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "nv7400/nv5400/nv3400 series", }, { model: "cosminexus client", scope: "eq", trust: 0.8, vendor: "hitachi", version: "version 6", }, { model: "ucosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "-r", }, { model: "enterprise manager", scope: "eq", trust: 0.8, vendor: "oracle", version: "ops center 12.3.0", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle endeca server 7.4.0.0", }, { model: "cosminexus application server enterprise", scope: "eq", trust: 0.8, vendor: "hitachi", version: "version 6", }, { model: "ucosminexus server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "st ard-r", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 5.1", }, { model: "univerge", scope: "eq", trust: 0.8, vendor: "nec", version: "3c cmm all versions", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator probe option ver3.1.0.x to ver4.1.0.x", }, { model: "cosminexus primary server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "version 6", }, { model: "jre", scope: "lte", trust: 0.8, vendor: "oracle", version: "6 update 91 and earlier", }, { model: "ucosminexus operator", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle business intelligence enterprise edition 11.1.1.9", }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "10", }, { model: "jdk", scope: "lte", trust: 0.8, vendor: "oracle", version: "5.0 update 81 and earlier", }, { model: "webotx application server", scope: "eq", trust: 0.8, vendor: "nec", version: "st ard edition v7.1", }, { model: "xcp", scope: "lt", trust: 0.8, vendor: "oracle", version: "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "certd 8.0r3 (with db plugin patch 2)", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "jobcenter r14.1", }, { model: "application server for developers", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "ucosminexus primary server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "base", }, { model: "webotx", scope: "eq", trust: 0.8, vendor: "nec", version: "st ard-j edition v4.1 to v6.5", }, { model: "cosminexus primary server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "base version 6 (hs15-018)", }, { model: "ucosminexus service architect", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "ucosminexus application server enterprise", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "hp icewall federation agent", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "3.0", }, { model: "cosminexus application server standard", scope: "eq", trust: 0.8, vendor: "hitachi", version: "version 6", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "2.1", }, { model: "systemdirector enterprise", scope: "eq", trust: 0.8, vendor: "nec", version: "for java ( all models ) v5.1 to v7.2", }, { model: "developer's kit for java", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "ucosminexus client", scope: "eq", trust: 0.8, vendor: "hitachi", version: "for plug-in", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.9.5", }, { model: "ucosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "express", }, { model: "jdk", scope: "lte", trust: 0.8, vendor: "oracle", version: "6 update 91 and earlier", }, { model: "sparc enterprise m9000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "istorage", scope: "eq", trust: 0.8, vendor: "nec", version: "ne series ver.002.05.00 later versions", }, { model: "web server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "- security enhancement", }, { model: "webotx sip application server", scope: "eq", trust: 0.8, vendor: "nec", version: "st ard edition v7.1 to v8.1", }, { model: "ucosminexus application server", scope: "eq", trust: 0.8, vendor: "hitachi", version: "light", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.8.5", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator agent ver3.3 to ver4.1", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle mobile security suite mss 3.0", }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "11.2", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r2", }, { model: "ucosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "01", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.1", }, { model: "univerge", scope: "eq", trust: 0.8, vendor: "nec", version: "3c ucm v8.5.4 before", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.0", }, { model: "ix2000 series", scope: "eq", trust: 0.8, vendor: "nec", version: "ver.8.7.22 all subsequent versions", }, { model: "enterprise manager", scope: "eq", trust: 0.8, vendor: "oracle", version: "ops center 12.2.0", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r1", }, { model: "jrockit", scope: "lte", trust: 0.8, vendor: "oracle", version: "r28.3.5 and earlier", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 10.0", }, { model: "xcp", scope: "eq", trust: 0.8, vendor: "oracle", version: "1120", }, { model: "websam", scope: "eq", trust: 0.8, vendor: "nec", version: "application navigator manager ver3.2.2 to ver4.1", }, { model: "jre", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "6 update 21 and earlier", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle exalogic infrastructure 2.0.6.2", }, { model: "ucosminexus application server standard", scope: null, trust: 0.8, vendor: "hitachi", version: null, }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.1k", }, { model: "sparc enterprise m8000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "ucosminexus developer", scope: "eq", trust: 0.8, vendor: "hitachi", version: "professional", }, { model: "jdk", scope: "lte", trust: 0.8, vendor: "sun microsystems", version: "5.0 update 33 and earlier", }, { model: "enterprise manager", scope: "eq", trust: 0.8, vendor: "oracle", version: "ops center 12.2.1", }, { model: "jdk 01-b06", scope: "eq", trust: 0.6, vendor: "sun", version: "1.6", }, { model: "jre 1.5.0.0 09", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jre", scope: "eq", trust: 0.6, vendor: "oracle", version: "1.8", }, { model: "jdk .0 04", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "jdk 1.5.0.0 08", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "paging server", scope: "eq", trust: 0.6, vendor: "cisco", version: "0", }, { model: "jdk .0 03", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "jdk 1.6.0 38", scope: null, trust: 0.6, vendor: "oracle", version: null, }, { model: "jre 1.6.0 2", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.6, vendor: "hp", version: "7.4", }, { model: "jdk 07-b03", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "jdk 06", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "jre 1.5.0.0 08", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jdk 1.5.0.0 12", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jdk 1.6.0 34", scope: null, trust: 0.6, vendor: "oracle", version: null, }, { model: "jdk", scope: "eq", trust: 0.6, vendor: "oracle", version: "1.8", }, { model: "jdk 1.5.0.0 09", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jdk 1.5.0.0 11", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jdk 11-b03", scope: "eq", trust: 0.6, vendor: "sun", version: "1.5", }, { model: "jre 1.5.0.0 07", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jdk 1.6.0 01", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "jre 1.6.0 20", scope: null, trust: 0.6, vendor: "sun", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.1", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.1", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.0.1", }, { model: "bes12", scope: "eq", trust: 0.3, vendor: "blackberry", version: "12.0", }, { model: "bbm protected on blackberry", scope: "ne", trust: 0.3, vendor: "blackberry", version: "1010.3.1.1767", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.3", }, { model: "bbm on blackberry os", scope: "ne", trust: 0.3, vendor: "blackberry", version: "1010.3.1.1767", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.039", }, { model: "jdk update17", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.1", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.17", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22025850", }, { model: "rational developer for power systems software", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "enterprise linux server", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "rational developer for power systems software", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.22", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.0.2", }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "90000", }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79120", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.7", }, { model: "buildforge ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.0.0.28", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "websphere real time sr8", scope: "eq", trust: 0.3, vendor: "ibm", version: "3", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "85100", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.1", }, { model: "jdk update3", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "ip interoperability and collaboration system", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.5", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "tivoli monitoring fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.306", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.055", }, { model: "netezza platform software 7.2.0.4-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.5", }, { model: "hunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1", }, { model: "control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.1", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.42", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.025", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.6.1.0.0", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.3", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "prime security manager 04.8 qa08", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "rational automation framework ifix5", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.0.1.3", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "sametime community server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.0", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.04", }, { model: "cognos planning interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7", }, { model: "splunk", scope: "ne", trust: 0.3, vendor: "splunk", version: "6.1.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0-68", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355041980", }, { model: "prime license manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.47", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "cloud manager interim fix", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.3", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.12", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.22", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "sterling control center ifix01", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.21", }, { model: "java sdk sr16-fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.3", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.02", }, { model: "java sdk sr4-fp2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37001.1", }, { model: "local collector appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2.8", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "api management", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310025820", }, { model: "websphere real time sr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "3", }, { model: "tivoli storage flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.2", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2.00", }, { model: "tivoli asset discovery for distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2.0", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.7", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.039", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.43", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "notes fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.35", }, { model: "license metric tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "project openssl 1.0.1k", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.8.06", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.04", }, { model: "sterling connect:direct browser user interface ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.208", }, { model: "jre update22", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.220", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50001.1", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.15", }, { model: "chassis management module 2pet12g", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "java sdk ga", scope: "eq", trust: 0.3, vendor: "ibm", version: "8", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.3", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12", }, { model: "rational requisitepro", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6", }, { model: "system management homepage c", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "db2 workgroup server edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.4(7.26)", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8.0.10", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.043", }, { model: "tivoli network performance manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "communications session border controller scz7.3.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "domino fp if", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.121", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3", }, { model: "os", scope: "ne", trust: 0.3, vendor: "blackberry", version: "1010.3.1.1779", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.35", }, { model: "jre update3", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "cognos tm1 interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.2", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.3", }, { model: "tivoli storage manager for virtual environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.0", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.8", }, { model: "jboss enterprise application platform", scope: "eq", trust: 0.3, vendor: "redhat", version: "6.3", }, { model: "wireless lan controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "message networking", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.39", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.11", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.68", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.4", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.4", }, { model: "flashsystem 9848-ac2", scope: "eq", trust: 0.3, vendor: "ibm", version: "v90000", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "sterling connect:direct browser ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.11.03", }, { model: "work space manager for bes10/bes12 23584 14", scope: null, trust: 0.3, vendor: "blackberry", version: null, }, { model: "jdk update26", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.0.260", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "nextscale nx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "54550", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.14", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.22", }, { model: "tivoli network performance manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32200", }, { model: "link for mac os (build", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.1.139)", }, { model: "websphere dashboard framework", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.1", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "jdk 1.5.0 11", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.08", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "jabber video for telepresence", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "proventia network enterprise scanner", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.036", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.1", }, { model: "chassis management module 2pet10e", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "workcentre 3025ni", scope: "eq", trust: 0.3, vendor: "xerox", version: "3.50.01.10", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0-95", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.2", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.6", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0", }, { model: "flashcopy manager for unix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.0", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.51", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.5", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.180", }, { model: "security privileged identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1.1", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571480", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.16", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.17", }, { model: "java sdk sr16-fp9", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.1", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.5", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.3", }, { model: "chassis management module 2pet10p", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "jdk 1.5.0.0 06", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.7", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.0.1", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "rational automation framework", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.2", }, { model: "chassis management module 2peo12r", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "tivoli storage manager for virtual environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2.3", }, { model: "control center ifix01", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.0", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087220", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.3", }, { model: "java sdk 6r1 sr8-fp2", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "netezza platform software 7.1.0.4-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.1", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.6.1", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.3", }, { model: "bes12", scope: "eq", trust: 0.3, vendor: "blackberry", version: "12.0.1", }, { model: "tivoli storage manager client management services", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.1.200", }, { model: "workcentre", scope: "eq", trust: 0.3, vendor: "xerox", version: "32253.50.01.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.5", }, { model: "java sdk sr16", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "multi-enterprise integration gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "rational requisitepro", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "bbm meetings for blackberry", scope: "eq", trust: 0.3, vendor: "blackberry", version: "100", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.7", }, { model: "bcaaa", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.5", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.5", }, { model: "java sdk sr16-fp10", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "tivoli access manager for e-business", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "wag310g residential gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0-14", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.2", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.8", }, { model: "rational developer for aix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "sterling control center ifix02", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.10", }, { model: "flashcopy manager for oracle", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.0", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.5", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.1.7", }, { model: "tivoli storage manager operations center", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "project openssl 1.0.0o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "tivoli workload scheduler for applications fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "link for windows", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.2.1.31", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "agent desktop", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.0(2)", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.13", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.3", }, { model: "hp-ux b.11.31 (11i", scope: "eq", trust: 0.3, vendor: "hp", version: "v3)", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.0", }, { model: "messaging application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0.1", }, { model: "chassis management module 2pet12r", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "chassis management module 2pet10b", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "idp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "java sdk sr7", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "chassis management module 2peo12o", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "ctpos 7.0r4", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.038", }, { model: "unified attendant console department edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.6", }, { model: "system management homepage a", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11.197", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15210", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3.3", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.1", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.31", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.3", }, { model: "domino fp if", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.365", }, { model: "junos space", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.3", }, { model: "java sdk sr16-fp6", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.411", }, { model: "java sdk sr12", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "java sdk", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3204.1", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "60000", }, { model: "tape subsystems", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.3", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.018", }, { model: "system idataplex dx360 m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x73210", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.2", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.019", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.15", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.3", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.11", }, { model: "project openssl 0.9.8zd", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.2", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.51", }, { model: "sterling connect:direct browser", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.3", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.01", }, { model: "flashsystem 9846-ae2", scope: "eq", trust: 0.3, vendor: "ibm", version: "v90000", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.2", }, { model: "iq", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.1", }, { model: "secure work space for bes10/bes12", scope: "eq", trust: 0.3, vendor: "blackberry", version: "12.1.0.150361", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.0.1", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "notes fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.1.1", }, { model: "os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "7.0", }, { model: "commoncryptolib", scope: "eq", trust: 0.3, vendor: "sap", version: "0", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.0", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.3.9.3", }, { model: "jdk 1.5.0 11-b03", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "bes10", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "smartcloud entry appliance fp", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.4", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.3", }, { model: "db2 connect unlimited advanced edition for system z", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0", }, { model: "vgw", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "flashcopy manager for db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.0", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "flashcopy manager for db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1.2", }, { model: "tivoli storage manager for virtual environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "upward integration modules hardware management pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.4", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.7", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.3", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325025830", }, { model: "jdk update2", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.2", }, { model: "systems insight manager sp3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.3", }, { model: "domino fix pack if", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.133", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "system management homepage 7.3.2.1", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "phaser", scope: "eq", trust: 0.3, vendor: "xerox", version: "30203.50.01.10", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.32", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.5.1.1", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5", }, { model: "bbm protected on ios", scope: "eq", trust: 0.3, vendor: "blackberry", version: "2.1", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.13", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.3", }, { model: "video surveillance media server", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.7", }, { model: "smartcloud entry fp", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.110", }, { model: "rational build utility", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "84200", }, { model: "cms r16.3 r7", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v70007.3.0.12", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079470", }, { model: "db2 connect enterprise edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.16", }, { model: "infosphere information analyzer", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "rational developer for aix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.01", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.032", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "2", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0", }, { model: "os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "5.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "tivoli netcool configuration manager", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.4.1.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363071580", }, { model: "ctpos 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "mq appliance m2000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "api management", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "jre update2", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "content analysis system", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.1", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "jre update15", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.5", }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.19", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.801", }, { model: "aura experience portal sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.2", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.1", }, { model: "java", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.0.590", }, { model: "java", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.0.0.600", }, { model: "tivoli storage manager for virtual environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.2.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3000", }, { model: "aura presence services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "linux enterprise server sp4 ltss", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.3", }, { model: "jre", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.0.50", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24078630", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "workcentre r1", scope: "eq", trust: 0.3, vendor: "xerox", version: "6400061.070.105.25200", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.1", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.4", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "db2 connect application server advanced edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.1", }, { model: "network node manager ispi for ip telephony", scope: "eq", trust: 0.3, vendor: "hp", version: "9.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.4", }, { model: "gpfs for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.2", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "flex system manager node types", scope: "eq", trust: 0.3, vendor: "ibm", version: "87310", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.132", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.5", }, { model: "system m4 hdtype", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054600", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2.3", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.13", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere service registry and repository studio", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "java sdk sr fp", scope: "eq", trust: 0.3, vendor: "ibm", version: "7910", }, { model: "mobile security suite mss", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "jre 1.5.0 08", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.8.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.6", }, { model: "smartcloud entry appliance fp", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.4.0.5", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.4.01", }, { model: "aura application server sip core pb5", scope: "eq", trust: 0.3, vendor: "avaya", version: "53003.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "websphere mq for hp nonstop", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "jdk update33", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.2", }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.21", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.13", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.2", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.03", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.15", }, { model: "sterling connect:direct browser", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "messaging application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.1", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087180", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.045", }, { model: "jre update10", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "websphere real time sr9", scope: "ne", trust: 0.3, vendor: "ibm", version: "3", }, { model: "rational developer for power systems software", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "domino fix pack interim f", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.12", }, { model: "enterprise linux server", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "sterling connect:direct browser user interface", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.52", }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79130", }, { model: "jdk update6", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.0", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.03", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0", }, { model: "project openssl 0.9.8zc", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.37", }, { model: "jre update7", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.4", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.01", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.01", }, { model: "jdk update10", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "infosphere optim data masking solution", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3.0.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "java sdk sr16-fp2", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "link for windows", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.2.0.28", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.0.9", }, { model: "system idataplex dx360 m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x73230", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "domino fp if4", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.36", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "java", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.0", }, { model: "jre update13", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "security appscan standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.6", }, { model: "workcentre spar", scope: "ne", trust: 0.3, vendor: "xerox", version: "355025.003.33.000", }, { model: "buildforge ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.2.37", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.2(3.1)", }, { model: "netezza platform software 7.1.0.5-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "jdk update21", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.18", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "8", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1.5", }, { model: "tivoli composite application manager for soa", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "db2 query management facility", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "network node manager i", scope: "eq", trust: 0.3, vendor: "hp", version: "9.1", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x57145", }, { model: "java sdk sr5", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "rational developer for aix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "java", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.00", }, { model: "vds service broker", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "jre", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.0.60", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "d9036 modular encoding platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35001.1", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.041", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.6", }, { model: "flashsystem 9846-ac1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "app for vmware", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "cognos tm1 interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.0.2", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "jdk update25", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "chassis management module 2pet12h", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "xiv storage system gen3", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.2.0", }, { model: "tivoli storage flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.0", }, { model: "control center ifix02", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.0", }, { model: "snapdrive for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "one-x client enablement services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "bbm protected on ios", scope: "ne", trust: 0.3, vendor: "blackberry", version: "2.7.0.32", }, { model: "enterprise linux hpc node", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "flashcopy manager for custom applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "telepresence serial gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "i", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "security identity governance", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "tivoli storage manager operations center", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.4.2.200", }, { model: "webex meetings server 2.5mr2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.3", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.5", }, { model: "jdk update27", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.43", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.103", }, { model: "communication server 1000e signaling server", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.5", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.24", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.04", }, { model: "unified attendant console enterprise edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "jdk update15", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "platform cluster manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "network node manager ispi performance for qa", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "domino fp if", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.122", }, { model: "tivoli provisioning manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "iq", scope: "eq", trust: 0.3, vendor: "avaya", version: "5", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.027", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "db2 enterprise server edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "db2 connect application server advanced edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "content analysis system", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "1.2.3.1", }, { model: "chassis management module 2pet12d", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "ucs central", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x571460", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.6", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.6", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.025", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x44079170", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1", }, { model: "work browser for bes10/bes12", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.1.17483.17", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.8.05", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.0", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.5", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.5", }, { model: "rational agent controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.3.3", }, { model: "tivoli asset management for it", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1.0", }, { model: "nac guest server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.18", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.4", }, { model: "network node manager ispi performance for metrics", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "communication server 1000m", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "jdk update25", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.0.250", }, { model: "db2 advanced enterprise server edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "hp-ux b.11.23 (11i", scope: "eq", trust: 0.3, vendor: "hp", version: "v2)", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.5", }, { model: "ata series analog terminal adaptor", scope: "eq", trust: 0.3, vendor: "cisco", version: "1900", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.12", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.1.0", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.2", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.21", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3.4", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.211", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.4", }, { model: "sbr carrier", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.2", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.2", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "websphere mq mqipt", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.6", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.033", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.01", }, { model: "flashcopy manager for db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.0", }, { model: "mq light", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.0.1", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32400", }, { model: "cognos tm1 fp4", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "project openssl b", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.7", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.1", }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v37007.3.0.12", }, { model: "jdk 01", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.2", }, { model: "cms r16.3", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.43", }, { model: "sterling connect:direct browser user interface", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.11", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.1", }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3400", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.1", }, { model: "bbm protected on android", scope: "eq", trust: 0.3, vendor: "blackberry", version: "2.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.19", }, { model: "domino interim fix", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.03", }, { model: "db2 recovery expert for linux unix and windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "rational sap connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.2", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "java", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.0", }, { model: "domino fix pack interim f", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.15", }, { model: "mashup center", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.7", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "flashcopy manager for unix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.0", }, { model: "netezza platform software 7.0.2.16-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.3", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "jdk update9", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "workflow for bluemix", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.043", }, { model: "jre update26", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.260", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.3", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "7", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.060", }, { model: "sterling connect:direct browser user interface", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.411", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "rational automation framework", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.3", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.2.2.2", }, { model: "network configuration and change management service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.6.0", }, { model: "db2 recovery expert for linux unix and windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "6.0", }, { model: "sterling connect:direct for hp nonstop", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.2", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "java sdk sr14", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0.2", }, { model: "link for mac os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.2.1.16", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.6", }, { model: "x-series xos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "10.0", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.27", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.5", }, { model: "linux enterprise server sp2 ltss", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.5", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "tivoli network performance manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087380", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.41", }, { model: "network node manager ispi for ip multicast qa", scope: "eq", trust: 0.3, vendor: "hp", version: "9.2", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.3", }, { model: "domino fp if3", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.24", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.10", }, { model: "websphere process server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.2", }, { model: "prime lan management solution", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "wide area application services", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.96", }, { model: "jre update4", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "aura application server sip core", scope: "eq", trust: 0.3, vendor: "avaya", version: "53002.0", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3.2", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.3.0.3", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "unified attendant console advanced", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.2", }, { model: "cognos tm1 fp if", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5.238", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.1", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4.1", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.036", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32100", }, { model: "db2 connect unlimited edition for system i", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.1", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.11", }, { model: "rational sap connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "systems insight manager sp5", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.1", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.3", }, { model: "bcaaa", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.1", }, { model: "work connect for bes10/bes12", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.0.17483.21", }, { model: "jdk update24", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "upward integration modules for microsoft system center", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.1.8", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.051", }, { model: "upward integration modules hardware management pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "5", }, { model: "jre", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.8.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.4", }, { model: "domino if", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.06", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.4", }, { model: "tivoli monitoring fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.29", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.9", }, { model: "one-x client enablement services sp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "content analysis system", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.102", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "jre update5", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.50", }, { model: "anyres live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "blend for mac", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "java sdk", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.15", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "java", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.195", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.034", }, { model: "java sdk sr16", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v50007.5.0.2", }, { model: "security appscan standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.3", }, { model: "xiv storage system gen3", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.1.0", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.0.1", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.4", }, { model: "web experience factory", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "work space manager for bes10/bes12 24755 137", scope: null, trust: 0.3, vendor: "blackberry", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.13", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.11", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.1.3.3", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.5.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "operations analytics predictive insights", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "infosphere global name management", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "jdk 1.5.0.0 04", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "malware analysis appliance", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.2", }, { model: "network node manager ispi performance for qa", scope: "eq", trust: 0.3, vendor: "hp", version: "9.2", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.4", }, { model: "hp-ux b.11.11 (11i", scope: "eq", trust: 0.3, vendor: "hp", version: "v1)", }, { model: "enterprise linux desktop", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "jdk update28", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.280", }, { model: "domino fp", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.36", }, { model: "secure work space for bes10/bes12", scope: "eq", trust: 0.3, vendor: "blackberry", version: "12.1.0.150360", }, { model: "aura session manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "iq", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.6", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.6", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.7", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "tivoli asset management for it", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.010", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.4", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1.2", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.038", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.5", }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.2", }, { model: "websphere service registry and repository studio", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.4", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073800", }, { model: "sterling connect:direct browser", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.11", }, { model: "jdk update7", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.9", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.00", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.04", }, { model: "network node manager ispi performance for metrics", scope: "eq", trust: 0.3, vendor: "hp", version: "9.2", }, { model: "phaser", scope: "ne", trust: 0.3, vendor: "xerox", version: "36001.70.03.06", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1-73", }, { model: "infosphere balanced warehouse c4000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "jre update11", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.0", }, { model: "infosphere master data management patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.4", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.5", }, { model: "network node manager ispi performance for qa", scope: "eq", trust: 0.3, vendor: "hp", version: "9.0", }, { model: "system idataplex dx360 m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x63910", }, { model: "infosphere master data management server", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.4", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.5", }, { model: "flashcopy manager for oracle with sap environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "aura utility services sp7", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1.6", }, { model: "jre update27", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "jre update17", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "jdk update27", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.0.270", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.32", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0", }, { model: "tivoli monitoring fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.303", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.56", }, { model: "chassis management module 2pet10h", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v50007.3.0.12", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.4.0", }, { model: "application policy infrastructure controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.1(0.625)", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88079030", }, { model: "upward integration modules for vmware vsphere", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.3", }, { model: "tivoli asset discovery for distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "notes", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.19", }, { model: "network node manager ispi performance for metrics", scope: "eq", trust: 0.3, vendor: "hp", version: "9.0", }, { model: "tivoli asset management for it", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.12", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.3", }, { model: "flashsystem 9848-ac1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.25", }, { model: "blend for blackberry", scope: "eq", trust: 0.3, vendor: "blackberry", version: "100", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "prime data center network manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.013", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.21", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "java sdk 6r1 sr8-fp4", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.0", }, { model: "infosphere master data management provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.12", }, { model: "sterling control center ifix03", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.41", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.0.3", }, { model: "norman shark industrial control system protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.3.2", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.740", }, { model: "jdk 07", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "one-x client enablement services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.4", }, { model: "flashsystem 9846-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "workcentre", scope: "eq", trust: 0.3, vendor: "xerox", version: "32153.50.01.10", }, { model: "websphere appliance management center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "communication server 1000m", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.6", }, { model: "messaging application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22279160", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.11", }, { model: "jdk update31", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.11", }, { model: "os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "3.6", }, { model: "flashsystem 9846-ac2", scope: "eq", trust: 0.3, vendor: "ibm", version: "v90000", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.3", }, { model: "communication server 1000m signaling server", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.6", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.3.8.3", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.5", }, { model: "chassis management module 2pet12i", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2.1", }, { model: "tivoli monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.2", }, { model: "domino fp if", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.366", }, { model: "jdk update13", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "chassis management module 2pet10m", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "communication server 1000e", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.6", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "tivoli system automation for integrated operations management", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.4", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.032", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "unified ip conference phone", scope: "eq", trust: 0.3, vendor: "cisco", version: "88310", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.45", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "security privileged identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "project openssl a", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "websphere mq", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.03", }, { model: "infosphere balanced warehouse c3000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "jdk update19", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "chassis management module 2pete5o", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "flashsystem 9848-ac2", scope: "ne", trust: 0.3, vendor: "ibm", version: "v90007.5.1.0", }, { model: "communications session border controller scz7.2.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "rational developer for aix and cobol", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.21", }, { model: "multi-enterprise integration gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.0.1", }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v70007.5.0.2", }, { model: "src series", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.1.8", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.7", }, { model: "buildforge ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.3.66", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079440", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.32", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "42000", }, { model: "hosted collaboration mediation fulfillment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.2.0", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14.20", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.760", }, { model: "websphere real time sr7", scope: "eq", trust: 0.3, vendor: "ibm", version: "3", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4", }, { model: "sterling connect:direct browser", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.2", }, { model: "jdk update30", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.300", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.1", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.3", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x571430", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "tivoli storage manager operations center", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.07", }, { model: "bbm on blackberry os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "100", }, { model: "rational sap connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.051", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "bes12 client", scope: "eq", trust: 0.3, vendor: "blackberry", version: "12.0.0.70", }, { model: "message networking", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "ctp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.14", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "smartcloud entry appliance fp", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.0.3", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.19", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.0", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.2", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.37", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.045", }, { model: "work space manager for bes10/bes12 24144 68", scope: null, trust: 0.3, vendor: "blackberry", version: null, }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.2", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3.0.5", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "java sdk sr16-fp2", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.14", }, { model: "sametime community server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2", }, { model: "aura system manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "tivoli monitoring fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.303", }, { model: "tivoli workload scheduler distributed fp07", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "content collector for sap applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.5", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087330", }, { model: "smartcloud entry appliance fp", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.024", }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.20", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.2", }, { model: "jre 07", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.3", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.0.1", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.23", }, { model: "enterprise", scope: "ne", trust: 0.3, vendor: "splunk", version: "6.2.2", }, { model: "aura session manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.7", }, { model: "mate live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.02", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.12", }, { model: "tivoli workload scheduler distributed fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "telepresence integrator c series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "flashsystem 9848-ae2", scope: "eq", trust: 0.3, vendor: "ibm", version: "v90000", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.038", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1.104", }, { model: "chassis management module 2pet12f", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.10", }, { model: "nsm", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.040", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.4", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.10", }, { model: "aura session manager sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "bbm protected on android", scope: "ne", trust: 0.3, vendor: "blackberry", version: "2.7.0.6", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.11", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.0.0", }, { model: "work space manager for bes10/bes12 25374 241", scope: null, trust: 0.3, vendor: "blackberry", version: null, }, { model: "prime collaboration provisioning", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "pulse secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.041", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.029", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "flashcopy manager for unix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "websphere real time", scope: "eq", trust: 0.3, vendor: "ibm", version: "3", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.2", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.5", }, { model: "java sdk r1", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1.73", }, { model: "telepresence isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32410", }, { model: "java sdk 7r1 sr2", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310054570", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "network node manager ispi for ip multicast qa", scope: "eq", trust: 0.3, vendor: "hp", version: "9.1", }, { model: "telepresence ex series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "flashcopy manager for db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.0", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.9", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "websphere process server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.6", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363073770", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "aura conferencing sp7", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1841", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "linux enterprise module for legacy software", scope: "eq", trust: 0.3, vendor: "suse", version: "12", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "project openssl 1.0.0h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "infosphere identity insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.21", }, { model: "flashsystem 9846-ae2", scope: "ne", trust: 0.3, vendor: "ibm", version: "v90007.5.1.0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.179", }, { model: "aura utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "web experience factory", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.010", }, { model: "tivoli netcool configuration manager if", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.3.0.6003", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.027", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.022", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.4", }, { model: "aura system manager sp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "sterling connect:direct browser ifix10", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.2", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.5.3", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15", }, { model: "security appscan standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.2", }, { model: "telepresence conductor", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "video surveillance 4300e/4500e high-definition ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.5", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x638370", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "cognos insight standard edition fp if", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.124", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.0", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "rational agent controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "aura utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "sterling control center ifix04", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.2.1", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.6.1.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "java sdk sr16-fp8", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054540", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "platform cluster manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2", }, { model: "jdk update17", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "ctpos 6.6r5", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.7", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.13", }, { model: "websphere real time sr fp", scope: "eq", trust: 0.3, vendor: "ibm", version: "3810", }, { model: "domino if", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.07", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "tivoli asset management for it", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "rational developer for aix and cobol", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "workcentre 3025bi", scope: "eq", trust: 0.3, vendor: "xerox", version: "3.50.01.10", }, { model: "sterling connect:direct browser ifix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.212", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.033", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.7", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.1", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "sterling control center ifix03", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.1.0", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "53000", }, { model: "jre 1.6.0 31", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.021", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "jdk 0 03", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "java sdk sr9", scope: "ne", trust: 0.3, vendor: "ibm", version: "7", }, { model: "jdk update20", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "db2 query management facility", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.1", }, { model: "session border controller for enterprise", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.0", }, { model: "communication server 1000e signaling server", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "telepresence isdn gw mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "83210", }, { model: "bbm on ios", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "tivoli monitoring fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.302", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.3", }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.10", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.4", }, { model: "network node manager ispi performance for qa", scope: "eq", trust: 0.3, vendor: "hp", version: "9.1", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.7", }, { model: "blend for windows", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.4", }, { model: "rational build utility", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.750", }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325054580", }, { model: "security identity manager virtual appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "chassis management module 2peo12i", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.4", }, { model: "notes fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.36", }, { model: "tivoli storage manager for virtual environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.0.0", }, { model: "lotus quickr for websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.0", }, { model: "flashcopy manager for custom applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.1", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.060", }, { model: "flashcopy manager for unix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "chassis management module 2pet10c", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.02", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.1", }, { model: "chassis management module 2pet10f", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "tivoli network performance manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.3", }, { model: "sterling control center ifix02", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.34", }, { model: "jdk update21", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.10", }, { model: "rational developer for aix and cobol", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "upward integration modules scvmm add-in", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.3", }, { model: "java sdk sr13-fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355042540", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "network node manager ispi performance for metrics", scope: "eq", trust: 0.3, vendor: "hp", version: "9.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.029", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.6", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3.5", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.2", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.0.1", }, { model: "one-x client enablement services sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.5", }, { model: "x-series xos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "9.7", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.5.2", }, { model: "blend for ios", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "sterling connect:direct browser user interface", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.10", }, { model: "systems insight manager 7.3.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.06", }, { model: "tivoli monitoring fp4", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1.5", }, { model: "websphere process server hypervisor edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "phaser", scope: "eq", trust: 0.3, vendor: "xerox", version: "30523.50.01.11", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "work space manager for bes10/bes12 24651 124", scope: null, trust: 0.3, vendor: "blackberry", version: null, }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.2", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.3", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.842", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.28", }, { model: "xiv storage system gen3 a", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.0.0", }, { model: "telepresence te software", scope: "eq", trust: 0.3, vendor: "cisco", version: "-0", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.030", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9.1.11", }, { model: "java sdk sr13", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "tivoli monitoring fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.209", }, { model: "jre 1.5.0 09-b03", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.9", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.41", }, { model: "message networking", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "tandberg codian mse model", scope: "eq", trust: 0.3, vendor: "cisco", version: "83200", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "tivoli storage manager for virtual environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.0.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "enterprise linux server eus 6.6.z", scope: null, trust: 0.3, vendor: "redhat", version: null, }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.0.4", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.0", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.051", }, { model: "security appscan standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "flashcopy manager for oracle with sap environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.0", }, { model: "db2 connect application server edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bbm on windows phone", scope: "ne", trust: 0.3, vendor: "blackberry", version: "2.0.0.25", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "flashcopy manager for oracle with sap environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1.2", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.42", }, { model: "message networking", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "jre update30", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.300", }, { model: "java sdk 7r1 sr1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "ctpview", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6.156", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.10", }, { model: "link for mac os (build", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.0.16)", }, { model: "meeting exchange", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.13", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.034", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.27", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.0.1", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.10", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.7", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12", }, { model: "jabber for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "enterprise content delivery service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "websphere application server community edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.0.4", }, { model: "unified sip proxy", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "jre update5", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "tivoli system automation for integrated operations management", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "pureapplication system", scope: "ne", trust: 0.3, vendor: "ibm", version: "2.1.0.2", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.4", }, { model: "app for stream", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "rational sap connector", scope: "ne", trust: 0.3, vendor: "ibm", version: "4.0.0.8", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.035", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.6", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.1", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.1(5.106)", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "jdk update11", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.0", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.2", }, { model: "java sdk sr3", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.42", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.3", }, { model: "work space manager for bes10/bes12 23853 47", scope: null, trust: 0.3, vendor: "blackberry", version: null, }, { model: "java", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.0.0.480", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.026", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x638370", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2", }, { model: "tivoli netcool configuration manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1.2", }, { model: "work space manager for bes10/bes12 25616 10", scope: null, trust: 0.3, vendor: "blackberry", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "operations analytics predictive insights", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.4", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.0.0", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.33", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "network node manager i", scope: "eq", trust: 0.3, vendor: "hp", version: "9.20", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2.2", }, { model: "workcentre spar", scope: "eq", trust: 0.3, vendor: "xerox", version: "35500", }, { model: "os image for aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.0", }, { model: "application policy infrastructure controller 1.0", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.31", }, { model: "tivoli monitoring fixpack", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.24", }, { model: "web experience factory", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.18", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "aura conferencing sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "security access manager for web", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365042550", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.9.1", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.3", }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v70007.4.0.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0-103", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12.201", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.2", }, { model: "java sdk sr1", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.040", }, { model: "prime collaboration deployment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.31", }, { model: "dx series ip phones", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "enterprise linux workstation", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "ace30 application control engine module 3.0 a5", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "unified computing system b-series servers", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.012", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.1", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2.127", }, { model: "jabber software development kit", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "rational sap connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.3", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.10", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0.3", }, { model: "db2 advanced workgroup server edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "bbm meetings for android", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "cms r17 r4", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "datapower gateway", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.0.1.9", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.065", }, { model: "cognos insight standard edition fp if", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.214", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "tivoli monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.0", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.11", }, { model: "tivoli storage manager operations center", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.1.200", }, { model: "network node manager ispi for ip telephony", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "tivoli monitoring fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.305", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.01", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.5", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cms r17", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3.0.10", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.1.5.03.00", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.45", }, { model: "integration bus", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1.4", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "hunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.2", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.037", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.01", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli storage manager client management services", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "bbm meetings for ios", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2", }, { model: "i", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.17", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.7", }, { model: "sametime community server limited use", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "platform cluster manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1", }, { model: "jdk update22", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.220", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.12", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571470", }, { model: "snapdrive for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.2", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087370", }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "onepk all-in-one vm", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.0", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "rational developer for power systems software", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.31", }, { model: "content collector for sap applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "db2 developer edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "sterling connect:direct browser user interface", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.0.10", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.0", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.5", }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "splunk", scope: "ne", trust: 0.3, vendor: "splunk", version: "6.0.8", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "communication server 1000e signaling server", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.6", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365041990", }, { model: "flashcopy manager for oracle with sap environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.1.1", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.11", }, { model: "network node manager ispi for net", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.2", }, { model: "flex system manager node types", scope: "eq", trust: 0.3, vendor: "ibm", version: "87340", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.041", }, { model: "aura system manager sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "domino fix pack interim f", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.24", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.11", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.12", }, { model: "secure work space for bes10/bes12", scope: "eq", trust: 0.3, vendor: "blackberry", version: "12.1.0.150359", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.015", }, { model: "ddos secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "flashcopy manager for oracle", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.0", }, { model: "cms r17 r3", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "jre", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.180", }, { model: "network node manager i", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "flashcopy manager for db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "integration bus", scope: "eq", trust: 0.3, vendor: "ibm", version: "10", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.045", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.16", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.22", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "db2 enterprise server edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "ringmaster appliance", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "5", }, { model: "integrated management module", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.47", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "domino interim fix", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.06", }, { model: "websphere process server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.15", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.051", }, { model: "java sdk sr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "java sdk sr1", scope: "ne", trust: 0.3, vendor: "ibm", version: "8", }, { model: "clustered data ontap", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "websphere real time sr7 fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "3", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3.0.5", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "bbm meetings for windows", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.6", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.2", }, { model: "bes", scope: "ne", trust: 0.3, vendor: "blackberry", version: "50", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "websphere message broker", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0", }, { model: "system m4 bd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054660", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "jre update28", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.19", }, { model: "telepresence supervisor mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "80500", }, { model: "iptv", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.11", }, { model: "upward integration modules integrated installer", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "jdk update13", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1.3", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.11", }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.6", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.1", }, { model: "web security appliance 9.0.0 -fcs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.02", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.5", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "work space manager for bes10/bes12 24998 176", scope: null, trust: 0.3, vendor: "blackberry", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.6", }, { model: "mint", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "bes12", scope: "eq", trust: 0.3, vendor: "blackberry", version: "12.1", }, { model: "application networking manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "3", }, { model: "sterling control center ifix04", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.0.1", }, { model: "flashcopy manager for oracle with sap environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.0", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.2", }, { model: "link for windows", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.0.1.12", }, { model: "jdk update4", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "tivoli monitoring", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.3", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.024", }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "jdk update23", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.045", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.03", }, { model: "x-series xos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "9.5", }, { model: "java sdk 7r1 sr3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571490", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.3.6", }, { model: "telepresence video communication server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "jre 1.6.0 33", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "aura application server sip core pb3", scope: "eq", trust: 0.3, vendor: "avaya", version: "53003.0", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.038", }, { model: "db2 purescale feature", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.040", }, { model: "project openssl d", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "meetingplace", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli storage flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.1.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.5", }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "35000", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "network node manager ispi performance for traffic", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.029", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.5", }, { model: "expressway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "network node manager ispi for mpls vpn", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "57100", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.1", }, { model: "chassis management module 2pete6l", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2.3", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.2", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.11", }, { model: "integrated management module", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.00", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.12", }, { model: "os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1010.3.1.1154", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2", }, { model: "mobile wireless transport manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "mate design", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.6", }, { model: "java", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.0.85", }, { model: "aura system manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.0", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.143", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "chassis management module 2peo12p", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.16", }, { model: "powervu d9190 conditional access manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "jboss enterprise application platform", scope: "ne", trust: 0.3, vendor: "redhat", version: "6.4", }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.05", }, { model: "bes12 client", scope: "eq", trust: 0.3, vendor: "blackberry", version: "12.0.0.74", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.023", }, { model: "jre update6", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "flashcopy manager for db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.41", }, { model: "lotus widget factory", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.0.1", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x353071600", }, { model: "tivoli access manager for e-business", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "jdk 0 09", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5", }, { model: "network node manager ispi for ip telephony", scope: "eq", trust: 0.3, vendor: "hp", version: "9.2", }, { model: "flashcopy manager for custom applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.0", }, { model: "aura conferencing sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.5", }, { model: "java", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.470", }, { model: "java sdk sr16-fp3", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0-12", }, { model: "flashcopy manager for custom applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1.2", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.13", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.022", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.7", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.3", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.11", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.2", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.09", }, { model: "rational developer for aix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.0", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "proactive contact", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.021", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.5", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.11", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.29", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "4", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "45000", }, { model: "bbm meetings for mac", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura session manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "java sdk 6r1 sr8-fp3", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.3", }, { model: "websphere real time sr5", scope: "eq", trust: 0.3, vendor: "ibm", version: "3", }, { model: "sterling control center ifix03", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.2.1", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1.1", }, { model: "domino fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.36", }, { model: "webex meetings for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "network node manager ispi for ip telephony", scope: "eq", trust: 0.3, vendor: "hp", version: "9.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "jdk update5", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.1.0.9", }, { model: "websphere real time sr8 fp10", scope: "eq", trust: 0.3, vendor: "ibm", version: "3", }, { model: "sterling connect:direct for hp nonstop", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.4", }, { model: "rational agent controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.06", }, { model: "flashsystem 9846-ac2", scope: "ne", trust: 0.3, vendor: "ibm", version: "v90007.5.1.0", }, { model: "aura application server sip core", scope: "eq", trust: 0.3, vendor: "avaya", version: "53003.0", }, { model: "rational developer for power systems software", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.02", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.07", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.11", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "network node manager ispi for net", scope: "eq", trust: 0.3, vendor: "hp", version: "9.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.3", }, { model: "sterling connect:direct browser ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.5.0.213", }, { model: "jdk update25", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "aura experience portal sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v35007.3.0.12", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2.3", }, { model: "phaser 3300mfp", scope: "eq", trust: 0.3, vendor: "xerox", version: "20.105.52.000", }, { model: "rational sap connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.6", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079140", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.2", }, { model: "os image for red hat", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.0.0", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.4", }, { model: "flashsystem 9848-ac0", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v37007.4.0.5", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura system platform sp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.0.160", }, { model: "jre update28", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.280", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.2", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.51", }, { model: "jdk 1.6.0 01-b06", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "blend for android", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.2.0", }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "i", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aura system platform sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "6", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.2", }, { model: "rational requisitepro", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.4", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x571910", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.017", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.1", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "10500", }, { model: "b2b advanced communications", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.0.3", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.32", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.4", }, { model: "anyconnect secure mobility client for ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "004.000(1233)", }, { model: "tivoli storage flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.2.10", }, { model: "jdk 1.5.0.0 03", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "security privileged identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "sterling connect:direct for hp nonstop", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.6", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "network node manager ispi for net", scope: "eq", trust: 0.3, vendor: "hp", version: "9.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.1", }, { model: "chassis management module 2pet10i", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aura utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.16", }, { model: "jre update33", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.12", }, { model: "bes12 client", scope: "eq", trust: 0.3, vendor: "blackberry", version: "12.0.0.69", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.4", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.1.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.0", }, { model: "link for mac os (build", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.1.135)", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.27", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x571450", }, { model: "network node manager i", scope: "eq", trust: 0.3, vendor: "hp", version: "9.0", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "java sdk sr11", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "java sdk sr15", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "aura conferencing sp6", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.0.121", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "jdk update18", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.5", }, { model: "mashup center", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.0.1", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.8", }, { model: "security appscan standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.7", }, { model: "rational sap connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.5", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.6", }, { model: "domino fix pack if", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.367", }, { model: "jre update1", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.18", }, { model: "telepresence profile series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.3", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.12", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.20", }, { model: "rational developer for power systems software", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.03", }, { model: "aura messaging sp4", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.1", }, { model: "unified communications domain manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.1.2", }, { model: "iq", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.031", }, { model: "rational developer for aix and cobol", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "emergency responder", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli provisioning manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "enterprise linux hpc node", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "im and presence service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3.0.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "db2 connect unlimited advanced edition for system z", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.030", }, { model: "cloud object store", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "notes", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "project openssl 1.0.0a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "websphere service registry and repository studio", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.17", }, { model: "mate collector", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "30000", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "telepresence server on virtual machine", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1", }, { model: "rational sap connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0.4", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.019", }, { model: "api management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "proactive network operations center", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "jre 1.6.0 37", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "6", }, { model: "project openssl 0.9.8f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bbm on android", scope: "ne", trust: 0.3, vendor: "blackberry", version: "2.7.0.6", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "netezza platform software 7.0.4.7-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "network node manager ispi performance for traffic", scope: "eq", trust: 0.3, vendor: "hp", version: "9.2", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.19", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.7", }, { model: "project openssl 0.9.8u", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "network node manager ispi for mpls vpn", scope: "eq", trust: 0.3, vendor: "hp", version: "9.2", }, { model: "link for windows", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.2.3.48", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.2", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "flashsystem 9848-ae2", scope: "ne", trust: 0.3, vendor: "ibm", version: "v90007.5.1.0", }, { model: "communications session border controller scz7.4.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.410", }, { model: "phaser", scope: "eq", trust: 0.3, vendor: "xerox", version: "32603.50.01.11", }, { model: "bbm protected on blackberry os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "db2 connect enterprise edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "project openssl 1.0.0p", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "enterprise linux workstation", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.16", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "phaser", scope: "eq", trust: 0.3, vendor: "xerox", version: "36000", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "70104.1", }, { model: "cms r16.3 r6", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "rational automation framework", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.1", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "flex system manager node types", scope: "eq", trust: 0.3, vendor: "ibm", version: "79550", }, { model: "app for netapp data ontap", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.3", }, { model: "notes fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.13", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2-77", }, { model: "infosphere master data management server", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.4", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073830", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.3", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.1.0", }, { model: "prime collaboration assurance", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "telepresence content server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.035", }, { model: "network node manager ispi performance for traffic", scope: "eq", trust: 0.3, vendor: "hp", version: "9.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.25", }, { model: "aura system platform sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sterling connect:direct browser user interface", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.51", }, { model: "network node manager ispi for mpls vpn", scope: "eq", trust: 0.3, vendor: "hp", version: "9.0", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.039", }, { model: "websphere process server hypervisor edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "1", }, { model: "license metric tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.4", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.0", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.3", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sterling connect:direct browser", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5", }, { model: "java sdk sr8-fp10", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.13", }, { model: "cognos planning interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.12", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.026", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "datapower gateway", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.1.0.4", }, { model: "alienvault", scope: "ne", trust: 0.3, vendor: "alienvault", version: "4.15.1", }, { model: "splunk", scope: "ne", trust: 0.3, vendor: "splunk", version: "5.0.12", }, { model: "flashsystem 9848-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "jre update6", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.60", }, { model: "tivoli access manager for e-business", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.1", }, { model: "java sdk sr4", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "media services interface", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "netezza platform software 7.0.2.15-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.055", }, { model: "chassis management module 2pet12k", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.13", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.8", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.014", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.3", }, { model: "notes", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1.3", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079450", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.19", }, { model: "websphere process server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.4", }, { model: "telepresence advanced media gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.4", }, { model: "unified attendant console premium edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "flashcopy manager for oracle", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "aura communication manager ssp04", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.040", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.1.2", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3.6", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.011", }, { model: "flashcopy manager for custom applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.0", }, { model: "malware analyzer g2", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.5", }, { model: "jdk update14", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "chassis management module 2pet10d", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "infosphere identity insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "7.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.1.8", }, { model: "websphere lombardi edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2.3", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22079060", }, { model: "meeting exchange", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.039", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "physical access gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88042590", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "chassis management module 2pet10k", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "upward integration modules integrated installer", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "enterprise linux desktop", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "idataplex dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79790", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "jdk update1", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.23", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.61", }, { model: "dataquant", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "malware analysis appliance", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "4.2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.8.06", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.44", }, { model: "rational automation framework", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "websphere real time sr6", scope: "eq", trust: 0.3, vendor: "ibm", version: "3", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.5.0", }, { model: "norman shark scada protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.3.2", }, { model: "b2b advanced communications", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.0.2", }, { model: "unified attendant console business edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15-210", }, { model: "websphere mq for openvms", scope: "eq", trust: 0.3, vendor: "ibm", version: "v6", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.1", }, { model: "websphere real time sr4-fp2", scope: "eq", trust: 0.3, vendor: "ibm", version: "3", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.16", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.5", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.6", }, { model: "chassis management module 2pet10g", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "jre update21", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.95", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.6", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.11", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.9", }, { model: "bbm on windows phone", scope: "eq", trust: 0.3, vendor: "blackberry", version: "2.0.0.24", }, { model: "virtualization experience media engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.11", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.08", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.037", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.0.1", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.7", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.1.1", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.45", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.8", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.8", }, { model: "rational developer for i", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "chassis management module 2pet12p", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.8", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079150", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.6", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.3", }, { model: "tivoli monitoring fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.205", }, { model: "jre update32", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.320", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.0.2", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.2", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1.3", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.1", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.6", }, { model: "cics transaction gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.2", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.0.170", }, { model: "chassis management module 2pet12o", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.18", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "norman shark network protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.3.2", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.041", }, { model: "java sdk sr16-fp4", scope: "ne", trust: 0.3, vendor: "ibm", version: "6", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.7", }, { model: "work space manager for bes10/bes12 23819 44", scope: null, trust: 0.3, vendor: "blackberry", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.12", }, { model: "flashcopy manager for oracle with sap environments", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.0", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "upward integration modules scvmm add-in", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "identity service engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "sterling connect:direct browser ifix", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.4.11.04", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.19", }, { model: "storediq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.4", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "sametime community server hf1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "as infinity", scope: "ne", trust: 0.3, vendor: "pexip", version: "8.1", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "sterling connect:direct browser user interface", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.11", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "jre 1.5.0 09", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "flashcopy manager for oracle", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "jre update25", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3.0.1", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "email security appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.6", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "netezza platform software 7.0.4.8-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.10", }, { model: "rational developer for aix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12.1", }, { model: "notes", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.010", }, { model: "network node manager ispi for ip multicast qa", scope: "eq", trust: 0.3, vendor: "hp", version: "10.0", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "rational collaborative lifecycle management", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.3", }, { model: "network performance analytics", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.64", }, { model: "datapower gateway", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.0.0.6", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.4", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "rational requisitepro", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3", }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v35007.5.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "hunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.2", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "70000", }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.6", }, { model: "systems insight manager update", scope: "eq", trust: 0.3, vendor: "hp", version: "5.31", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.6", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "rational engineering lifecycle manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.3", }, { model: "tririga for energy optimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x571430", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.0.1", }, { model: "network node manager ispi for net", scope: "eq", trust: 0.3, vendor: "hp", version: "9.1", }, { model: "workload deployer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.17", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.141", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.12", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "domino", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "flashsystem 9846-ac0", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.4", }, { model: "notes", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1.2", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5.045", }, { model: "system idataplex dx360 m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x63800", }, { model: "java", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.0.0.205", }, { model: "smartcloud entry", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.0", }, { model: "security privileged identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.1", }, { model: "content collector for sap applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "ctpview 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v35007.4.0.5", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.16", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.13", }, { model: "sterling connect:direct browser", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.2", }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v37007.5.0.2", }, { model: "smartcloud entry fp", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.19", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "security appscan standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.8", }, { model: "domino fix pack interim f", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.36", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.2", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "rational doors web access", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.6.1.3", }, { model: "jdk update16", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "project openssl c", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "domino fp if", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.123", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.0.1", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "jdk update26", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "websphere process server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079460", }, { model: "idataplex dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79180", }, { model: "chassis management module 2pet12e", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.12", }, { model: "domino fp if", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.153", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.213", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2.106", }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.2", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.2", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.110", }, { model: "socialminer", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.020", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571920", }, { model: "java sdk", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "tivoli netcool configuration manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.0.6", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.4", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.023", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "20500", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.15", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.3.0", }, { model: "linux enterprise server", scope: "eq", trust: 0.3, vendor: "suse", version: "12", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "linux enterprise software development kit", scope: "eq", trust: 0.3, vendor: "suse", version: "12", }, { model: "java sdk sr16-fp3", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.3", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.33", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "db2 connect unlimited edition for system i", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1.2", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.14", }, { model: "db2 connect unlimited edition for system z", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.05", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "domino fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.35", }, { model: "telepresence sx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "bbm on ios", scope: "ne", trust: 0.3, vendor: "blackberry", version: "2.7.0.32", }, { model: "tivoli storage flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.0", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.12", }, { model: "websphere message broker", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.13", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1.730", }, { model: "os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1010.3.0.1052", }, { model: "enterprise manager ops center", scope: "ne", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "messaging application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.0", }, { model: "cloud manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.2", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "jdk update29", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "jdk", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.0.180", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.4", }, { model: "jre update9", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.7.0", }, { model: "datapower gateway", scope: "ne", trust: 0.3, vendor: "ibm", version: "6.0.0.13", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "bbm protected on blackberry", scope: "eq", trust: 0.3, vendor: "blackberry", version: "100", }, { model: "storwize", scope: "ne", trust: 0.3, vendor: "ibm", version: "v50007.4.0.5", }, { model: "chassis management module 2pet10q", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "websphere real time sr", scope: "eq", trust: 0.3, vendor: "ibm", version: "39", }, { model: "aura presence services sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.3", }, { model: "web experience factory", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.3", }, { model: "websphere service registry and repository studio", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "db2 connect application server edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "network node manager ispi performance for traffic", scope: "eq", trust: 0.3, vendor: "hp", version: "9.1", }, { model: "smartcloud entry fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.09", }, { model: "network node manager ispi for mpls vpn", scope: "eq", trust: 0.3, vendor: "hp", version: "9.1", }, { model: "communication server 1000m signaling server", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24089560", }, { model: "java sdk sr8", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "java", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.75", }, { model: "project openssl 1.0.1j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.2", }, { model: "tivoli asset management for it", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.1", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "communication server 1000e", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.1.8", }, { model: "rational rhapsody design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.5", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "tivoli storage flashcopy manager for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.2.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.1", }, { model: "java sdk sr10", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "tivoli workload scheduler for applications fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.0", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.0(4.29)", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3.0.5", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "java sdk sr4-fp1", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.6", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.6", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "rational developer for power systems software", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.01", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.34", }, { model: "chassis management module 2peo12e", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.12", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "jre update9", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.90", }, { model: "websphere service registry and repository studio", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "rational requirements composer", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.4", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "java sdk 7r1 sr2-fp10", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.1", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.4", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "5", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1.00", }, { model: "web experience factory", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.1", }, { model: "domino fp if", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.152", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.10", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "sterling control center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.4.2.1", }, { model: "rational developer for power systems software", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "systems insight manager sp6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "cognos insight standard edition fp", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.24", }, { model: "java sdk sr13-fp2", scope: "eq", trust: 0.3, vendor: "ibm", version: "6", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.14", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3104.1", }, { model: "jdk update", scope: "eq", trust: 0.3, vendor: "sun", version: "1.6.016", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.2", }, { model: "aura application server sip core sp10", scope: "eq", trust: 0.3, vendor: "avaya", version: "53003.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.1", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "jdk 1.5.0 07-b03", scope: null, trust: 0.3, vendor: "sun", version: null, }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.2", }, { model: "flashcopy manager for unix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.0", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "flashcopy manager for unix and linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1.2", }, { model: "os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1.0", }, { model: "security identity manager virtual appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.1", }, { model: "java sdk 6r1 sr8", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "mq light", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "cms r16", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "x-series xos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "9.6", }, { model: "project openssl e", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "maximo asset management", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.12", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087520", }, { model: "universal device service", scope: "ne", trust: 0.3, vendor: "blackberry", version: "0", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "jre update", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6.031", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.18", }, { model: "xiv storage system gen2 10.2.4.e-6", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.35", }, { model: "db2 connect unlimited edition for system z", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "domino fp if", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.242", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.2", }, { model: "network node manager ispi for ip multicast qa", scope: "eq", trust: 0.3, vendor: "hp", version: "9.0", }, { model: "proactive contact", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.5", }, { model: "chassis management module 2pet10a", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "malware analyzer g2", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.1", }, { model: "video surveillance ptz ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.841", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "rational business developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "cloud", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "domino fix pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.13", }, { model: "open systems snapvault", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.3", }, { model: "business process manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.12", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "rational developer for aix and cobol", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "buildforge", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350078390", }, { model: "jdk update22", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "flashcopy manager for oracle", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.0.0", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "87104.1", }, { model: "jdk update15", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0", }, { model: "db2 workgroup server edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "flashcopy manager for oracle", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.3.0", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.11", }, { model: "ios 15.5 s", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2", }, { model: "prime performance manager for sps ppm sp1", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.6", }, { model: "communication server 1000m", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "telepresence mx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "jre update4", scope: "eq", trust: 0.3, vendor: "sun", version: "1.5.0.40", }, { model: "rational doors next generation", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0.7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1", }, { model: "rational software architect design manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "os", scope: "eq", trust: 0.3, vendor: "blackberry", version: "1010.3.0.1418", }, { model: "communication server 1000m signaling server", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.8", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.33", }, { model: "flashcopy manager for custom applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0.0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "rational team concert", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.34", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.8", }, { model: "communication server 1000e", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.5", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.010", }, { model: "rational functional tester", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.12", }, ], sources: [ { db: "CERT/CC", id: "VU#243585", }, { db: "BID", id: "71936", }, { db: "JVNDB", id: "JVNDB-2015-001672", }, { db: "JVNDB", id: "JVNDB-2015-001009", }, { db: "CNNVD", id: "CNNVD-201501-171", }, { db: "NVD", id: "CVE-2015-0204", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.9.8zc", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-0204", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "130545", }, ], trust: 0.6, }, cve: "CVE-2015-0204", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-0204", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "IPA", availabilityImpact: "None", baseScore: 7.8, confidentialityImpact: "Complete", exploitabilityScore: null, id: "JVNDB-2015-001672", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-0204", trust: 1.8, value: "MEDIUM", }, { author: "IPA", id: "JVNDB-2015-001672", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201501-171", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2015-0204", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2015-0204", }, { db: "JVNDB", id: "JVNDB-2015-001672", }, { db: "JVNDB", id: "JVNDB-2015-001009", }, { db: "CNNVD", id: "CNNVD-201501-171", }, { db: "NVD", id: "CVE-2015-0204", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is\" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before\n 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a does not properly perform boolean-type comparisons, which allows\n remote attackers to cause a denial of service (invalid read operation\n and application crash) via a crafted X.509 certificate to an endpoint\n that uses the certificate-verification feature (CVE-2015-0286). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a might allow attackers to cause a denial of service\n (NULL pointer dereference and application crash) via an invalid\n certificate key (CVE-2015-0288). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote\n attackers to cause a denial of service (s2_lib.c assertion failure and\n daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 2.1.1 security update\nAdvisory ID: RHSA-2016:1650-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1650.html\nIssue date: 2016-08-22\nCVE Names: CVE-2014-3570 CVE-2015-0204 CVE-2016-2105 \n CVE-2016-2106 CVE-2016-3110 CVE-2016-5387 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.1.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes. \n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. A remote attacker could\npossibly use this flaw to redirect HTTP requests performed by a CGI script\nto an attacker-controlled proxy via a malicious HTTP request. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* It was found that OpenSSL's BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and\nCVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. \nUpstream acknowledges Guido Vranken as the original reporter of\nCVE-2016-2105 and CVE-2016-2106. \n\n3. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nRefer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a\nlist of non security related fixes. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1337151 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0]\n1337155 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0]\n1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header\n1358118 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-5387\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=distributions&version=2.1.1\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html\nhttps://access.redhat.com/site/documentation/\nhttps://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html\nhttps://access.redhat.com/security/vulnerabilities/httpoxy\n\n6. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXuz/AXlSAg2UNWIIRAnGKAJ9OG0AmFsej7cbv8xXILF5Lo7krOACdHUkC\nVkvGRKSu76E7WPtB8TOdqyw=\n=7UQL\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n \n A memory leak can occur in the dtls1_buffer_record function under\n certain conditions. In particular this could occur if an attacker\n sent repeated DTLS records with the same sequence number but for the\n next epoch. The memory leak could be exploited by an attacker in a\n Denial of Service attack through memory exhaustion (CVE-2015-0206). \n \n When openssl is built with the no-ssl3 option and a SSL v3 ClientHello\n is received the ssl method would be set to NULL which could later\n result in a NULL pointer dereference (CVE-2014-3569). This effectively removes forward secrecy from\n the ciphersuite (CVE-2014-3572). A server could present\n a weak temporary key and downgrade the security of the session\n (CVE-2015-0204). \n \n An OpenSSL server will accept a DH certificate for client\n authentication without the certificate verify message. This\n only affects servers which trust a client certificate authority which\n issues certificates containing DH keys: these are extremely rare and\n hardly ever encountered (CVE-2015-0205). \n \n OpenSSL accepts several non-DER-variations of certificate signature\n algorithm and signature encodings. OpenSSL also does not enforce a\n match between the signature algorithm between the signed and unsigned\n portions of the certificate. By modifying the contents of the signature\n algorithm or the encoding of the signature, it is possible to change\n the certificate's fingerprint. This does not allow an attacker to\n forge certificates, and does not affect certificate verification or\n OpenSSL servers/clients in any other way. It also does not affect\n common revocation mechanisms. Only custom applications that rely\n on the uniqueness of the fingerprint (e.g. certificate blacklists)\n may be affected (CVE-2014-8275). \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n - HP SSL for OpenVMS website:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n - HP Support Center website:\n\n https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la\nng=en-us&cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilites. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant", sources: [ { db: "NVD", id: "CVE-2015-0204", }, { db: "CERT/CC", id: "VU#243585", }, { db: "JVNDB", id: "JVNDB-2015-001672", }, { db: "JVNDB", id: "JVNDB-2015-001009", }, { db: "BID", id: "71936", }, { db: "VULMON", id: "CVE-2015-0204", }, { db: "PACKETSTORM", id: "131045", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "138473", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "130545", }, ], trust: 4.23, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0204", trust: 3.7, }, { db: "CERT/CC", id: "VU#243585", trust: 1.6, }, { db: "JVN", id: "JVNVU99125992", trust: 1.6, }, { db: "BID", id: "71936", trust: 1.4, }, { db: "JUNIPER", id: "JSA10679", trust: 1.4, }, { db: "BID", id: "91787", trust: 1.1, }, { db: "MCAFEE", id: "SB10102", trust: 1.1, }, { db: "MCAFEE", id: "SB10108", trust: 1.1, }, { db: "MCAFEE", id: "SB10110", trust: 1.1, }, { db: "SECTRACK", id: "1033378", trust: 1.1, }, { db: "JVNDB", id: "JVNDB-2015-001672", trust: 0.8, }, { db: "JVN", id: "JVNVU98974537", trust: 0.8, }, { db: "JVN", id: "JVNVU91828320", trust: 0.8, }, { db: "JVN", id: "JVNVU95877131", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-001009", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2022.0696", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.4252", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201501-171", trust: 0.6, }, { db: "VULMON", id: "CVE-2015-0204", trust: 0.1, }, { db: "PACKETSTORM", id: "131045", trust: 0.1, }, { db: "PACKETSTORM", id: "133318", trust: 0.1, }, { db: "PACKETSTORM", id: "138473", trust: 0.1, }, { db: "PACKETSTORM", id: "133317", trust: 0.1, }, { db: "PACKETSTORM", id: "130987", trust: 0.1, }, { db: "PACKETSTORM", id: "129870", trust: 0.1, }, { db: "PACKETSTORM", id: "131408", trust: 0.1, }, { db: "PACKETSTORM", id: "133325", trust: 0.1, }, { db: "PACKETSTORM", id: "130545", trust: 0.1, }, ], sources: [ { db: "CERT/CC", id: "VU#243585", }, { db: "VULMON", id: "CVE-2015-0204", }, { db: "BID", id: "71936", }, { db: "JVNDB", id: "JVNDB-2015-001672", }, { db: "JVNDB", id: "JVNDB-2015-001009", }, { db: "PACKETSTORM", id: "131045", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "138473", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "130545", }, { db: "CNNVD", id: "CNNVD-201501-171", }, { db: "NVD", id: "CVE-2015-0204", }, ], }, id: "VAR-201501-0338", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.4675421719999999, }, last_update_date: "2024-07-23T19:53:23.981000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "アライドテレシス株式会社からの情報", trust: 1.6, url: "http://jvn.jp/vu/jvnvu99125992/522154/index.html", }, { title: "NV15-016", trust: 1.6, url: "http://jpn.nec.com/security-info/secinfo/nv15-016.html", }, { title: "[08 Jan 2015]", trust: 1.6, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { title: "3046015", trust: 0.8, url: "https://technet.microsoft.com/ja-jp/library/security/3046015", }, { title: "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { title: "HT204659", trust: 0.8, url: "https://support.apple.com/en-us/ht204659", }, { title: "HT204659", trust: 0.8, url: "https://support.apple.com/ja-jp/ht204659", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { title: "Only allow ephemeral RSA keys in export ciphersuites.", trust: 0.8, url: "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0", }, { title: "HS15-018", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-018/index.html", }, { title: "HS15-019", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-019/index.html", }, { title: "HPSBGN03299 SSRT101987", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04604357", }, { title: "HPSBHF03289", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04602055", }, { title: "HPSBUX03244 SSRT101885", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04556853", }, { title: "1883640", trust: 0.8, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", }, { title: "アライドテレシス株式会社からの情報 (JVNVU#98974537)", trust: 0.8, url: "https://jvn.jp/vu/jvnvu98974537/522154/index.html", }, { title: "アライドテレシス株式会社からの情報 (JVNVU#95877131)", trust: 0.8, url: "http://jvn.jp/vu/jvnvu95877131/522154/index.html", }, { title: "NV15-015", trust: 0.8, url: "http://jpn.nec.com/security-info/secinfo/nv15-015.html", }, { title: "NV15-017", trust: 0.8, url: "http://jpn.nec.com/security-info/secinfo/nv15-017.html", }, { title: "[19 Mar 2015] RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)", trust: 0.8, url: "https://www.openssl.org/news/secadv_20150319.txt", }, { title: "Oracle Critical Patch Update Advisory - January 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { title: "Oracle Critical Patch Update Advisory - April 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { title: "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html", }, { title: "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html", }, { title: "Oracle Critical Patch Update Advisory - October 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html", }, { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "Oracle Critical Patch Update Advisory - July 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html", }, { title: "Oracle Third Party Bulletin - January 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { title: "RHSA-2015:0800", trust: 0.8, url: "http://rhn.redhat.com/errata/rhsa-2015-0800.html", }, { title: "RHSA-2015:0849", trust: 0.8, url: "http://rhn.redhat.com/errata/rhsa-2015-0849.html", }, { title: "RHSA-2015:0066", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { title: "July 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update", }, { title: "January 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update", }, { title: "April 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update", }, { title: "October 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "CVE-2015-0204", trust: 0.8, url: "https://www.suse.com/security/cve/cve-2015-0204.html", }, { title: "OpenSSLに複数の脆弱性 (19 Mar 2015)", trust: 0.8, url: "http://www.seil.jp/support/security/a01545.html", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html", }, { title: "HS15-018", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-018/index.html", }, { title: "HS15-019", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-019/index.html", }, { title: "TLSA-2015-2", trust: 0.8, url: "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html", }, { title: "株式会社バッファロー の告知ページ", trust: 0.8, url: "http://buffalo.jp/support_s/s20150327b.html", }, { title: "Oracle Corporation Javaプラグインの脆弱性に関するお知らせ", trust: 0.8, url: "http://www.fmworld.net/biz/common/oracle/20150416.html", }, { title: "openssl-1.0.0p", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190", }, { title: "openssl-0.9.8zd", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189", }, { title: "openssl-1.0.1k.tar.gz", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191", }, { title: "Red Hat: Moderate: openssl security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20150066 - security advisory", }, { title: "Cisco: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150113-cve-2015-0204", }, { title: "Red Hat: CVE-2015-0204", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2015-0204", }, { title: "Symantec Security Advisories: SA91 : FREAK Attack", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=fb8c9ab0a61ac1def90eef5ef6757895", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2459-1", }, { title: "Debian Security Advisories: DSA-3125-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a3210fee56d96657bbff4ad44c3d0807", }, { title: "Amazon Linux AMI: ALAS-2015-469", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-469", }, { title: "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=e17c368f43499efc420edc223af663db", }, { title: "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=9281dc3b1a760e1cf2711cdf82cf64d7", }, { title: "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150310-ssl", }, { title: "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aa5ab46566482c02434bb8cf65c9614e", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2a43c5799a7dd07d6c0a92a3b040d12f", }, { title: "Tenable Security Advisories: [R6] OpenSSL '20150319' Advisory Affects Tenable Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2015-04", }, { title: "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=d9c34d2680d213e5c9dae973a42328f1", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1", }, { title: "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=21b119528a2fb8c78850a17027b71424", }, { title: "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=eb059834b7f24e2562bcf592b6d0afbc", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2018", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, { title: "Oracle: Oracle Critical Patch Update Advisory - January 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=63802a6c83b107c4e6e0c7f9241a66a8", }, { title: "FreakVulnChecker", trust: 0.1, url: "https://github.com/felmoltor/freakvulnchecker ", }, { title: "Freak-Scanner", trust: 0.1, url: "https://github.com/scottjpack/freak-scanner ", }, { title: "FREAK-Attack-CVE-2015-0204-Testing-Script", trust: 0.1, url: "https://github.com/abhishekghosh/freak-attack-cve-2015-0204-testing-script ", }, { title: "stuff", trust: 0.1, url: "https://github.com/thekondrashov/stuff ", }, { title: "non-controlflow-hijacking-datasets", trust: 0.1, url: "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets ", }, { title: "scz_doc_copy", trust: 0.1, url: "https://github.com/topcaver/scz_doc_copy ", }, { title: "checks", trust: 0.1, url: "https://github.com/cryptflow/checks ", }, { title: "tls", trust: 0.1, url: "https://github.com/greyleonie/tls ", }, { title: "JPN_RIC13351-2", trust: 0.1, url: "https://github.com/neominds/jpn_ric13351-2 ", }, { title: "script_a2sv", trust: 0.1, url: "https://github.com/f4rm0x/script_a2sv ", }, { title: "a2sv", trust: 0.1, url: "https://github.com/hahwul/a2sv ", }, { title: "a2sv", trust: 0.1, url: "https://github.com/84kaliplexon3/a2sv ", }, { title: "a2sv", trust: 0.1, url: "https://github.com/theripperjhon/a2sv ", }, { title: "sslscanner", trust: 0.1, url: "https://github.com/fireorb/sslscanner ", }, { title: "a2sv", trust: 0.1, url: "https://github.com/h4ck3rt3ch/a2sv ", }, { title: "HTTPSScan", trust: 0.1, url: "https://github.com/alexoslabs/httpsscan ", }, { title: "A2SV--SSL-VUL-Scan", trust: 0.1, url: "https://github.com/nyctophile6/a2sv--ssl-vul-scan ", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2015/07/06/awoogah_get_ready_to_patch_severe_bug_in_openssl_this_thursday/", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2015/03/13/cisco_freaks_out_starts_epic_openssl_bugsplat/", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2015/03/03/government_crippleware_freaks_out_tlsssl/", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0204", }, { db: "JVNDB", id: "JVNDB-2015-001672", }, { db: "JVNDB", id: "JVNDB-2015-001009", }, { db: "CNNVD", id: "CNNVD-201501-171", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-310", trust: 1.8, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-001672", }, { db: "JVNDB", id: "JVNDB-2015-001009", }, { db: "NVD", id: "CVE-2015-0204", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://www.smacktls.com/#freak", }, { trust: 1.6, url: "http://jvn.jp/vu/jvnvu99125992/index.html", }, { trust: 1.5, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { trust: 1.4, url: "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0", }, { trust: 1.4, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { trust: 1.4, url: "http://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { trust: 1.4, url: "http://rhn.redhat.com/errata/rhsa-2015-0849.html", }, { trust: 1.4, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.4, url: "https://support.citrix.com/article/ctx216642", }, { trust: 1.2, url: "http://rhn.redhat.com/errata/rhsa-2016-1650.html", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/71936", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019", }, { trust: 1.1, url: "http://support.novell.com/security/cve/cve-2015-0204.html", }, { trust: 1.1, url: "https://freakattack.com/", }, { trust: 1.1, url: "http://www.debian.org/security/2015/dsa-3125", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496289803847&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html", }, { trust: 1.1, url: "https://www.openssl.org/news/secadv_20150319.txt", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142720981827617&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { trust: 1.1, url: "https://support.apple.com/ht204659", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2015-0800.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143213830203296&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144043644216842&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142895206924048&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050205101530&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496179803395&w=2", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { trust: 1.1, url: "https://bto.bluecoat.com/security-advisory/sa88", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html", }, { trust: 1.1, url: "https://bto.bluecoat.com/security-advisory/sa91", }, { trust: 1.1, url: "https://security.gentoo.org/glsa/201503-11", }, { trust: 1.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1033378", }, { trust: 1.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241", }, { trust: 1.1, url: "http://www-304.ibm.com/support/docview.wss?uid=swg21960769", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10110", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10108", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10102", }, { trust: 1.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { trust: 1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.8, url: "http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html", }, { trust: 0.8, url: "http://cwe.mitre.org/data/definitions/757.html", }, { trust: 0.8, url: "http://cwe.mitre.org/data/definitions/326.html", }, { trust: 0.8, url: "https://tools.ietf.org/html/rfc4346#appendix-f.1.1.2", }, { trust: 0.8, url: "https://technet.microsoft.com/library/security/3046015.aspx", }, { trust: 0.8, url: "http://www.kb.cert.org/vuls/id/243585", }, { trust: 0.8, url: "http://www.ipa.go.jp/security/ciadr/vul/20150415-jre.html", }, { trust: 0.8, url: "http://www.jpcert.or.jp/at/2015/at150010.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98974537/index.html", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu95877131/index.html", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu91828320/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0204", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.6, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.6, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.0696", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.4252/", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.4, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.3, url: "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanv8#announce1", }, { trust: 0.3, url: "http://openssl.org/", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699883", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699667", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/feb/160", }, { trust: 0.3, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679&cat=sirt_1&actp=list", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101011689", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04773241", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022548", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022550", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005334", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902260", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903805", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960151", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960634", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963126", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=swg21963526", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=swg21964496", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=swg21964610", }, { trust: 0.3, url: "http://www.ibm.com/support/docview.wss?uid=swg21964625", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964730", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21966177", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698818", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883857", }, { trust: 0.3, url: "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc", }, { trust: 0.3, url: "http://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960515", }, { trust: 0.3, url: "https://www.xerox.com/download/security/security-bulletin/32cfd-51ec67c0f86df/cert_security_mini-_bulletin_xrx15ah_for_p3600_v1-0.pdf", }, { trust: 0.3, url: "https://www.xerox.com/download/security/security-bulletin/30b1a-51f527aa71c0f/cert_security_mini-_bulletin_xrx15aj_for_wc3550_v1-0.pdf", }, { trust: 0.3, url: "https://www.xerox.com/download/security/security-bulletin/38cb3-51fe2768b1a74/cert_security_mini-_bulletin_xrx15ak_for_p3635mfp_v1-0.pdf", }, { trust: 0.3, url: "https://www.xerox.com/download/security/security-bulletin/3497e-521fff9cafe80/cert_security_mini-_bulletin_xrx15am_for_p30xx_p3260_wc30xx_wc3225_v1-0.pdf", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902444", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902710", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960815", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21957999", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959525", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21965448", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903747", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964850", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21957855", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21958902", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21959575", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959252", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699271", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020751", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101008182", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101011698", }, { trust: 0.3, url: "https://www.openssl.org/news/vulnerabilities.html", }, { trust: 0.3, url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101011712", }, { trust: 0.3, url: "https://service.sap.com/sap/support/notes/2163306", }, { trust: 0.3, url: "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903636", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963783", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005351", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963964", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903396", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21967539", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903541", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903029", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21957813", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21965485", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964027", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903651", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21958017", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903247", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903256", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903516", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21965920", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21961223", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903031", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21965404", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962552", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21958919", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21958918", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21957919", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962838", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21962837", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960075", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902765", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902862", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902866", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959306", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903394", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21957779", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21961493", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005328", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21964236", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21957995", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903299", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699938", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902635", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700163", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097912", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902694", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902277", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697291", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699235", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700168", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21697162", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700411", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701354", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700028", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022100", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005158", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanxd", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005370", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21960460", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963609", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21965940", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21967498", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21967709", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21967962", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21968485", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21968869", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695985", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701453", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959002", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699052", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699810", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699069", }, { trust: 0.3, url: "https://www.xerox.com/download/security/security-bulletin/2e28e-523433d609b1d/cert_security_mini-_bulletin_xrx15ap_for_wc6400_v1-0.pdf", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0204", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0293", }, { trust: 0.2, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.2, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0207", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0285", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0208", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/310.html", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2015:0066", }, { trust: 0.1, url: "https://github.com/felmoltor/freakvulnchecker", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=37722", }, { trust: 0.1, url: "https://usn.ubuntu.com/2459-1/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150319.txt", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0291", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1787", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0290", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0292", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-5387", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2106", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-2106", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-2105", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-3110", }, { trust: 0.1, url: "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-5387", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2105", }, { trust: 0.1, url: "https://access.redhat.com/security/vulnerabilities/httpoxy", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3110", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3570", }, { trust: 0.1, url: "https://access.redhat.com/site/documentation/", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=distributions&version=2.1.1", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5432", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5433", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0235", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569", }, { trust: 0.1, url: "https://h20566.www2.hp.com/portal/site/hpsc/patch/home", }, { trust: 0.1, url: "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8142", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0231", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3523", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9653", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490&la", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9705", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0232", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-1692", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9427", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0273", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5107", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9652", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744", }, { trust: 0.1, url: "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber", }, { trust: 0.1, url: "https://www.hp.com/go/swa", }, ], sources: [ { db: "CERT/CC", id: "VU#243585", }, { db: "VULMON", id: "CVE-2015-0204", }, { db: "BID", id: "71936", }, { db: "JVNDB", id: "JVNDB-2015-001672", }, { db: "JVNDB", id: "JVNDB-2015-001009", }, { db: "PACKETSTORM", id: "131045", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "138473", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "130545", }, { db: "CNNVD", id: "CNNVD-201501-171", }, { db: "NVD", id: "CVE-2015-0204", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#243585", }, { db: "VULMON", id: "CVE-2015-0204", }, { db: "BID", id: "71936", }, { db: "JVNDB", id: "JVNDB-2015-001672", }, { db: "JVNDB", id: "JVNDB-2015-001009", }, { db: "PACKETSTORM", id: "131045", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "138473", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "130545", }, { db: "CNNVD", id: "CNNVD-201501-171", }, { db: "NVD", id: "CVE-2015-0204", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-03-06T00:00:00", db: "CERT/CC", id: "VU#243585", }, { date: "2015-01-09T00:00:00", db: "VULMON", id: "CVE-2015-0204", }, { date: "2015-01-08T00:00:00", db: "BID", id: "71936", }, { date: "2015-03-10T00:00:00", db: "JVNDB", id: "JVNDB-2015-001672", }, { date: "2015-01-13T00:00:00", db: "JVNDB", id: "JVNDB-2015-001009", }, { date: "2015-03-27T20:43:39", db: "PACKETSTORM", id: "131045", }, { date: "2015-08-26T01:33:25", db: "PACKETSTORM", id: "133318", }, { date: "2016-08-22T23:25:00", db: "PACKETSTORM", id: "138473", }, { date: "2015-08-26T01:33:18", db: "PACKETSTORM", id: "133317", }, { date: "2015-03-24T17:05:09", db: "PACKETSTORM", id: "130987", }, { date: "2015-01-09T17:43:35", db: "PACKETSTORM", id: "129870", }, { date: "2015-04-14T18:54:44", db: "PACKETSTORM", id: "131408", }, { date: "2015-08-26T01:35:08", db: "PACKETSTORM", id: "133325", }, { date: "2015-02-26T17:13:09", db: "PACKETSTORM", id: "130545", }, { date: "2015-01-09T00:00:00", db: "CNNVD", id: "CNNVD-201501-171", }, { date: "2015-01-09T02:59:10.287000", db: "NVD", id: "CVE-2015-0204", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-10-27T00:00:00", db: "CERT/CC", id: "VU#243585", }, { date: "2018-07-19T00:00:00", db: "VULMON", id: "CVE-2015-0204", }, { date: "2018-10-08T07:00:00", db: "BID", id: "71936", }, { date: "2017-03-09T00:00:00", db: "JVNDB", id: "JVNDB-2015-001672", }, { date: "2017-03-09T00:00:00", db: "JVNDB", id: "JVNDB-2015-001009", }, { date: "2022-02-18T00:00:00", db: "CNNVD", id: "CNNVD-201501-171", }, { date: "2018-07-19T01:29:01.700000", db: "NVD", id: "CVE-2015-0204", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "130545", }, { db: "CNNVD", id: "CNNVD-201501-171", }, ], trust: 0.8, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SSL/TLS implementations accept export-grade RSA keys (FREAK attack)", sources: [ { db: "CERT/CC", id: "VU#243585", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "encryption problem", sources: [ { db: "CNNVD", id: "CNNVD-201501-171", }, ], trust: 0.6, }, }
var-201410-0371
Vulnerability from variot
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04540692
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04540692 Version: 1
HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-01-13 Last Updated: 2015-01-13
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OneView running OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information.
References:
CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 SSRT101739 SSRT101868
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OneView versions prior to 1.20
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software update to resolve the vulnerabilities in HP OneView.
Existing users may upgrade to HP OneView version 1.20 using the Update Appliance feature in HP OneView.
HP OneView version 1.20 is available from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =Z7550-63180
Note: The upgrade (.bin) or a new install (.ova) is also available:
An HP Passport login is required.
Go to the HP Software Depot site at http://www.software.hp.com and search for HP OneView.
HISTORY Version:1 (rev.1) - 13 January 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Summary
VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues. Relevant Releases
VMware Workstation 10.x prior to version 10.0.5
VMware Player 6.x prior to version 6.0.5
VMware Fusion 7.x prior to version 7.0.1 VMware Fusion 6.x prior to version 6.0.5
vCenter Server 5.5 prior to Update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG ESXi 5.1 without patch ESXi510-201404101-SG ESXi 5.0 without patch ESXi500-201405101-SG
- Problem Description
a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability
VMware ESXi, Workstation, Player and Fusion contain an arbitrary
file write issue. Exploitation this issue may allow for privilege
escalation on the host.
The vulnerability does not allow for privilege escalation from
the guest Operating System to the host or vice-versa. This means
that host memory can not be manipulated from the Guest Operating
System.
Mitigation
For ESXi to be affected, permissions must have been added to ESXi
(or a vCenter Server managing it) for a virtual machine
administrator role or greater.
VMware would like to thank Shanon Olsson for reporting this issue to
us through JPCERT.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-8370 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any 6.0.5
ESXi 5.5 ESXi ESXi550-201403102-SG
ESXi 5.1 ESXi ESXi510-201404101-SG
ESXi 5.0 ESXi ESXi500-201405101-SG
b. VMware Workstation, Player, and Fusion Denial of Service vulnerability
VMware Workstation, Player, and Fusion contain an input validation
issue in the Host Guest File System (HGFS). This issue may allow
for a Denial of Service of the Guest Operating system.
VMware would like to thank Peter Kamensky from Digital Security for
reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1043 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any 7.0.1
Fusion 6.x any 6.0.5
c. VMware ESXi, Workstation, and Player Denial of Service vulnerability
VMware ESXi, Workstation, and Player contain an input
validation issue in VMware Authorization process (vmware-authd).
This issue may allow for a Denial of Service of the host. On
VMware ESXi and on Workstation running on Linux the Denial of
Service would be partial.
VMware would like to thank Dmitry Yudin @ret5et for reporting
this issue to us through HP's Zero Day Initiative.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-1044 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
Workstation 11.x any not affected
Workstation 10.x any 10.0.5
Player 7.x any not affected
Player 6.x any 6.0.5
Fusion 7.x any not affected
Fusion 6.x any not affected
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi ESXi510-201410101-SG
ESXi 5.0 ESXi not affected
d.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-3513, CVE-2014-3567,
CVE-2014-3566 ("POODLE") and CVE-2014-3568 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any Update 2d*
vCenter Server 5.1 any patch pending
vCenter Server 5.0 any patch pending
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
* The VMware vCenter 5.5 SSO component will be
updated in a later release
e. Update to ESXi libxml2 package
The libxml2 library is updated to version libxml2-2.7.6-17
to resolve a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2014-3660 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
ESXi 5.5 ESXi ESXi550-201501101-SG
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware Workstation 10.x
https://www.vmware.com/go/downloadworkstation
VMware Player 6.x
https://www.vmware.com/go/downloadplayer
VMware Fusion 7.x and 6.x
https://www.vmware.com/go/downloadplayer
vCenter Server
Downloads and Documentation: https://www.vmware.com/go/download-vsphere
ESXi 5.5 Update 2d
File: update-from-esxi5.5-5.5_update01.zip md5sum: 5773844efc7d8e43135de46801d6ea25 sha1sum: 6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065832 update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG
ESXi 5.5
File: ESXi550-201501001.zip md5sum: b0f2edd9ad17d0bae5a11782aaef9304 sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1 http://kb.vmware.com/kb/2099265 ESXi550-201501001.zip contains ESXi550-201501101-SG
ESXi 5.1
File: ESXi510-201404001.zip md5sum: 9dc3c9538de4451244a2b62d247e52c4 sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66 http://kb.vmware.com/kb/2070666 ESXi510-201404001 contains ESXi510-201404101-SG
ESXi 5.0
File: ESXi500-201405001.zip md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5 http://kb.vmware.com/kb/2075521 ESXi500-201405001 contains ESXi500-201405101-SG
- Change log
2015-01-27 VMSA-2015-0001 Initial security advisory in conjunction with the release of VMware Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d and, ESXi 5.5 Patches released on 2015-01-27. Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
This update adds support for Fallback SCSV to mitigate this issue.
CVE-2014-3568
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.
For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u13.
For the unstable distribution (sid), these problems have been fixed in version 1.0.1j-1.
We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2014:1652-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1652.html Issue date: 2014-10-16 CVE Names: CVE-2014-3513 CVE-2014-3567 =====================================================================
- Summary:
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.
For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. (CVE-2014-3513)
A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567)
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.2.src.rpm
i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.2.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.2.src.rpm
i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.2.ppc.rpm openssl-1.0.1e-30.el6_6.2.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.2.ppc.rpm openssl-devel-1.0.1e-30.el6_6.2.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.2.s390.rpm openssl-1.0.1e-30.el6_6.2.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm openssl-devel-1.0.1e-30.el6_6.2.s390.rpm openssl-devel-1.0.1e-30.el6_6.2.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.2.ppc64.rpm openssl-static-1.0.1e-30.el6_6.2.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm openssl-perl-1.0.1e-30.el6_6.2.s390x.rpm openssl-static-1.0.1e-30.el6_6.2.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.2.src.rpm
i386: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.2.i686.rpm openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.i686.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm openssl-perl-1.0.1e-30.el6_6.2.i686.rpm openssl-static-1.0.1e-30.el6_6.2.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.6.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.6.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.6.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.6.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.6.ppc.rpm openssl-devel-1.0.1e-34.el7_0.6.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.6.ppc.rpm openssl-libs-1.0.1e-34.el7_0.6.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.6.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm openssl-devel-1.0.1e-34.el7_0.6.s390.rpm openssl-devel-1.0.1e-34.el7_0.6.s390x.rpm openssl-libs-1.0.1e-34.el7_0.6.s390.rpm openssl-libs-1.0.1e-34.el7_0.6.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.6.ppc64.rpm openssl-static-1.0.1e-34.el7_0.6.ppc.rpm openssl-static-1.0.1e-34.el7_0.6.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm openssl-perl-1.0.1e-34.el7_0.6.s390x.rpm openssl-static-1.0.1e-34.el7_0.6.s390.rpm openssl-static-1.0.1e-34.el7_0.6.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.6.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.6.i686.rpm openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.6.i686.rpm openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm openssl-static-1.0.1e-34.el7_0.6.i686.rpm openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-3513.html https://www.redhat.com/security/data/cve/CVE-2014-3567.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1232123
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUP940XlSAg2UNWIIRAhUYAJ4or1rZ25E0BXjTPyeDsN+keTz3twCdHDEz qY686VXQQ02SLq5vTvKfuHk= =McEc -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201410-0371", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1f", }, { model: "bladecenter advanced management module 3.66n", scope: "ne", trust: 0.9, vendor: "ibm", version: null, }, { model: "bladecenter advanced management module 3.66k", scope: null, trust: 0.9, vendor: "ibm", version: null, }, { model: "global console manager", scope: "ne", trust: 0.6, vendor: "ibm", version: "1.26.1.23978", }, { model: "global console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.4.2.15036", }, { model: "global console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.20.20.23447", }, { model: "project openssl 1.0.0a", scope: null, trust: 0.6, vendor: "openssl", version: null, }, { model: "local console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.2.39.0", }, { model: "local console manager", scope: "eq", trust: 0.6, vendor: "ibm", version: "1.2.27.00", }, { model: "local console manager", scope: "ne", trust: 0.6, vendor: "ibm", version: "1.2.40.00", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "rational software architect realtime edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "q", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "16200", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.3", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "k", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "upward integration modules scvmm add-in", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "project openssl 0.9.8f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "58200", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "switch series r1809p03", scope: "ne", trust: 0.3, vendor: "hp", version: "5820", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "project openssl beta3", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.1", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "msr4000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.1.0", }, { model: "project openssl b", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.5", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.1", }, { model: "mcp r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: "6600", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "msr3000 r0106p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sle client tools", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "tivoli netcool/reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "850/8700", }, { model: "insight control server provisioning", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "r5203p11", scope: "ne", trust: 0.3, vendor: "hp", version: "3100v2", }, { model: "f5000-s", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr1000 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "esxi", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.1", }, { model: "msr9xx", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "j", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "58300", }, { model: "project openssl 1.0.1j", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0.0", }, { model: "wb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.3", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.3", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3.1.0", }, { model: "n", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl 1.0.0o", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "pa", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aspera", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "3.5.2", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "m210", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "vsr1000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "r15xx", scope: "eq", trust: 0.3, vendor: "hp", version: "19100", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.2", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "119000", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.4", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "switch series r5319p10", scope: "ne", trust: 0.3, vendor: "hp", version: "3610", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "msr1000 russian version r2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "f5000-c", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.1", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.0.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.23", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.4", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "a6600", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "r1828p06", scope: "ne", trust: 0.3, vendor: "hp", version: "12500", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2", }, { model: "r2122", scope: "ne", trust: 0.3, vendor: "hp", version: "7900", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "project openssl 1.0.0h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1.1", }, { model: "u200s and cs f5123p30", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.0.0", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.1", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "office connect ps1810", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "qradar siem mr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "aura communication manager ssp04", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.7", }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "ex series network switches for ibm products pre 12.3r9", scope: null, trust: 0.3, vendor: "juniper", version: null, }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "f1000-a", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.0.3", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "hsr6602 r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "m.10", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.3", }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "a6600 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "79000", }, { model: "aspera proxy", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "1.2.3", }, { model: "si switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "51200", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "f1000-s", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "3100v2-480", }, { model: "aspera mobile", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "msr93x", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "upward integration modules for microsoft system center", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "project openssl beta4", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.0", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "h.10", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "r1104", scope: "ne", trust: 0.3, vendor: "hp", version: "1620", }, { model: "upward integration modules hardware management pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "u200s and cs", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.20", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "upward integration modules integrated installer", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "general parallel file system", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.0", }, { model: "project openssl beta5", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "aspera drive", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0", }, { model: "russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: "6602", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.4", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "f1000-e", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.3", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "12500(comware", scope: "eq", trust: 0.3, vendor: "hp", version: "v7)0", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "g switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "48000", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "vcx", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "57000", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5.0", }, { model: "esxi", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.0", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3.1", }, { model: "msr50-g2", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.1", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5", }, { model: "r", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.0.1", }, { model: "esxi esxi550-20150110", scope: "ne", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "ei switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: "5500", }, { model: "kb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr30", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.8.0", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "129000", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "msr1000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr30 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "i.10", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "m.08", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl 0.9.8m beta1", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.4.1", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "a6600 r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "9500e", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-493", }, { model: "msr20 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.2", }, { model: "switch series r1118p11", scope: "ne", trust: 0.3, vendor: "hp", version: "5830", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.8", }, { model: "rational application developer for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.1", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "tivoli workload scheduler for z/os connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.6", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.3.6", }, { model: "secblade iii", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "rational software architect realtime edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.3", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-453", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "sle client tools for x86 64", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4", }, { model: "msr30 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "tivoli workload scheduler for z/os connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "msr50-g2 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-467", }, { model: "msr1000 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "vb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.2", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56001", }, { model: "ka", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "office connect pk", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "yb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "f5000 f3210p22", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3.1", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "upward integration modules scvmm add-in", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.5", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cms r17", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.1.5.03.00", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.41", }, { model: "aspera ondemand for google cloud", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.8.2.0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.21", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "aura utility services sp7", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.4", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.0", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "hsr6602 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "aspera console", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "2.5.3", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "e", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "mcp russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: "6600", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli workload scheduler for applications fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "ei switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "51200", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.2", }, { model: "project openssl beta2", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "upward integration modules for vmware vsphere", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.3", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2.2", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2", }, { model: "msr50 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "hsr6800 r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.20", }, { model: "msr3000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "aspera faspex", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "3.9", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.40", }, { model: "msr2000 r0106p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "va", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.32", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aspera ondemand for softlayer", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.4", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "125000", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.4", }, { model: "switch series r1809p03", scope: "ne", trust: 0.3, vendor: "hp", version: "5800", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "aspera ondemand for azure", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "r2311p05", scope: "ne", trust: 0.3, vendor: "hp", version: "5700", }, { model: "aspera shares", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "1.9", }, { model: "hi switch series r5501p06", scope: "ne", trust: 0.3, vendor: "hp", version: "5500", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0", }, { model: "qradar risk manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.3", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "secblade iii r3820p03", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.46.4.2.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3.1", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "aspera client", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "flex system fc3171 8gb san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "hsr6800 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.4", }, { model: "aspera outlook plugin", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "project openssl 0.9.8zc", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "switch series (comware", scope: "eq", trust: 0.3, vendor: "hp", version: "10500v5)0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1.0", }, { model: "r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: "6602", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.5", }, { model: "image construction and composition tool", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.3.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.3", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.2", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1.0", }, { model: "u200a and m", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.2.0", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "10.1", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56003", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "msr20-1x r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "r1105", scope: "ne", trust: 0.3, vendor: "hp", version: "1920", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.2.0", }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "r11xx", scope: "eq", trust: 0.3, vendor: "hp", version: "19100", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.3", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1.2", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "tivoli workload scheduler for z/os connector fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.0", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "project openssl beta1", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "project openssl a", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "58000", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.5", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.1.0", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4", }, { model: "project openssl c", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "esxi", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "aspera shares", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "1.7.3", }, { model: "si switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: "5500", }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1.2", }, { model: "aspera connect server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "z/tpf", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.10", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "r2110p03", scope: "ne", trust: 0.3, vendor: "hp", version: "3100v2-48", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.3.2", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "ps110", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "upward integration modules hardware management pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.33", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.1", }, { model: "9500e r1828p06", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.3.0", }, { model: "upward integration modules integrated installer", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "f5000-s r3811p03", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.1.0", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "a6600 russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx5108-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.3", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.6", }, { model: "switch series (comware", scope: "eq", trust: 0.3, vendor: "hp", version: "10500v7)0", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.5", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2.1", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "qradar vulnerability manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.3", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "8.0", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.2.0", }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "msr30-16 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6602", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.1", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.8.1.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.1", }, { model: "msr30-16 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "msr20-1x russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ra", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "f5000-c r3811p03", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.4", }, { model: "si switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "55000", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.1", }, { model: "rf manager", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.9.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.6.0", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "tivoli workload scheduler for z/os connector fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx7412-05", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "hsr6800", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ei switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: "5120", }, { model: "project openssl d", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "tivoli management framework", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.1", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "pureapplication system", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.2", }, { model: "h.07", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "ssl for openvms", scope: "ne", trust: 0.3, vendor: "hp", version: "1.4-495", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.1.1", }, { model: "msr50 g2 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "sle client tools for s390x", scope: "eq", trust: 0.3, vendor: "suse", version: "10", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "cognos insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2.2", }, { model: "office connect pm", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "36100", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "msr30-16", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ya", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "switch series r2311p05", scope: "ne", trust: 0.3, vendor: "hp", version: "5900", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.26.2.1.2", }, { model: "hi switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "55000", }, { model: "msr30-1x russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3.0", }, { model: "msr30-1x", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.80", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-471", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "switch series r2110p03", scope: "ne", trust: 0.3, vendor: "hp", version: "3600v2", }, { model: "aura presence services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "12500(comware r7328p04", scope: "ne", trust: 0.3, vendor: "hp", version: "v7)", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "aura presence services sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.0.1", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.4", }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.5", }, { model: "tivoli workload scheduler distributed fp07", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "w", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "msr30 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "r15xx r1513p95", scope: "ne", trust: 0.3, vendor: "hp", version: "1910", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "lotus protector for mail security", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.8.1.0", }, { model: "power hmc", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.7.7.0", }, { model: "msr4000 r0106p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "msr50 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "project openssl beta3", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "3600v20", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "msr30-1x r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "3100v20", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "version control repository manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "pb", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "tivoli workload scheduler for applications fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.56.5.1.0", }, { model: "msr50 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "aspera enterprise server", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5", }, { model: "tivoli workload scheduler distributed fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "switch series r6708p10", scope: "ne", trust: 0.3, vendor: "hp", version: "7500", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.10", }, { model: "g switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: "4800", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2", }, { model: "project openssl beta1", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "f1000-e r3181p05", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "msr9xx r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "mcp russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "66000", }, { model: "4510g switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "r11xx r1107", scope: "ne", trust: 0.3, vendor: "hp", version: "1910", }, { model: "wx5002/5004", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "msr30-16 r2513p33", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "msr30-1x russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "aspera point to point", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aspera console", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "2.3", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "msr50", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx3002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "aspera faspex", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "3.7.7", }, { model: "xcode", scope: "ne", trust: 0.3, vendor: "apple", version: "7.0", }, { model: "switch series r2111p06", scope: "ne", trust: 0.3, vendor: "hp", version: "11900", }, { model: "f1000-a r3734p06", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "security network intrusion prevention system gv200", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "hsr6602 russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "aspera orchestrator", scope: "ne", trust: 0.3, vendor: "asperasoft", version: "2.10", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "8300", }, { model: "flex system fc3171 8gb san switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "hsr6800 russian version r3303p18", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.5.1.3", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.4", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.3", }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "aura session manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.4.0", }, { model: "ei switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "51300", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "59200", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "y", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "u", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "insight control", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "4210g switch series r2221p08", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.4.34", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aspera proxy", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "l", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "server migration pack", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.2", }, { model: "4210g switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx5008-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "m220", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56002", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "f5000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aspera ondemand for amazon", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "virtual connect enterprise manager sdk", scope: "ne", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "ei switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "55000", }, { model: "sdk for node.js", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.1.0.9", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "msm", scope: "ne", trust: 0.3, vendor: "hp", version: "6.36.3.1.0", }, { model: "aura system manager sp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sdk for node.js", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.2", }, { model: "server migration pack", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "project openssl e", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "msr20-1x", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "aspera cargo", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "59000", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "security network intrusion prevention system gx7412", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "storwize unified", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.3.0.5", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "msr2000", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "a", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "mcp", scope: "eq", trust: 0.3, vendor: "hp", version: "66000", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "125000", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "75000", }, { model: "qradar siem", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.3", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "19200", }, { model: "security network intrusion prevention system gx5208-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "aura utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "si switch series r1513p95", scope: "ne", trust: 0.3, vendor: "hp", version: "5120", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.2", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "systems director common agent for linux", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.2.1", }, { model: "f", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security network intrusion prevention system gx4002", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "security network intrusion prevention system gx5208", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "qradar risk manager mr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "security network intrusion prevention system gx5108", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.2", }, { model: "security network intrusion prevention system gx7412-10", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "switch series r1005p15", scope: "ne", trust: 0.3, vendor: "hp", version: "12900", }, { model: "systems director storage control", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.3.0", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "aura utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "security network intrusion prevention system gv1000", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "office connect p", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "aspera orchestrator", scope: "eq", trust: 0.3, vendor: "asperasoft", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "r2507p34", scope: "ne", trust: 0.3, vendor: "hp", version: "6000", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "f1000-s r3734p06", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "matrix operating environment", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "project openssl beta2", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "msr50 g2 russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "manager for sle sp2", scope: "eq", trust: 0.3, vendor: "suse", version: "111.7", }, { model: "studio onsite", scope: "eq", trust: 0.3, vendor: "suse", version: "1.3", }, { model: "msr20-1x russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "security network intrusion prevention system gx4004-v2", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6.1", }, { model: "cloudsystem matrix", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "secblade ssl vpn", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "66020", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "systems director", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.0.0", }, { model: "insight control server deployment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "security network intrusion prevention system gx5008", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3", }, { model: "russian version", scope: "eq", trust: 0.3, vendor: "hp", version: "66020", }, { model: null, scope: "eq", trust: 0.3, vendor: "hp", version: "60000", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "10.0", }, { model: "office connect pl", scope: "eq", trust: 0.3, vendor: "hp", version: "18100", }, { model: "security network intrusion prevention system gx6116", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.6", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "msr20 russian version 2513l40.ru", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "secblade fw", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "u200a and m f5123p30", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "t", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "security network intrusion prevention system gx7800", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.4", }, { model: "switch series (comware r1208p10", scope: "ne", trust: 0.3, vendor: "hp", version: "10500v5)", }, { model: "4510g switch series", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "security network intrusion prevention system gx4004", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "vsr1000 r0204p01", scope: "ne", trust: 0.3, vendor: "hp", version: null, }, { model: "switch series r2311p05", scope: "ne", trust: 0.3, vendor: "hp", version: "5920", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.4", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "8.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "storage provisioning manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.3", }, { model: "security virtual server protection for vmware", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "ssl for openvms", scope: "eq", trust: 0.3, vendor: "hp", version: "1.4-476", }, { model: "systems director common agent for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.2", }, { model: "project openssl 0.9.8u", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.3", }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.1", }, { model: "ei switch series r3108p03", scope: "ne", trust: 0.3, vendor: "hp", version: "5130", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0", }, ], sources: [ { db: "BID", id: "70585", }, { db: "NVD", id: "CVE-2014-3513", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-3513", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "129932", }, { db: "PACKETSTORM", id: "130541", }, { db: "PACKETSTORM", id: "132082", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "132080", }, ], trust: 0.7, }, cve: "CVE-2014-3513", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 6.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2014-3513", impactScore: 6.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "HIGH", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2014-3513", trust: 1, value: "HIGH", }, { author: "VULMON", id: "CVE-2014-3513", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2014-3513", }, { db: "NVD", id: "CVE-2014-3513", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04540692\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04540692\nVersion: 1\n\nHPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service\n(DoS), Unauthorized Access, and Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-01-13\nLast Updated: 2015-01-13\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OneView\nrunning OpenSSL and Bash Shell. These vulnerabilities (POODLE and Shellshock)\ncould be exploited remotely to create a Denial of Service (DoS), allow\nunauthorized access, or disclose information. \n\nReferences:\n\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-6271\nCVE-2014-6277\nCVE-2014-6278\nCVE-2014-7169\nCVE-2014-7186\nCVE-2014-7187\nSSRT101739\nSSRT101868\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP OneView versions prior to 1.20\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-6271 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6277 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-6278 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7169 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7186 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-7187 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software update to resolve the vulnerabilities\nin HP OneView. \n\nExisting users may upgrade to HP OneView version 1.20 using the Update\nAppliance feature in HP OneView. \n\nHP OneView version 1.20 is available from the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=Z7550-63180\n\nNote: The upgrade (.bin) or a new install (.ova) is also available:\n\nAn HP Passport login is required. \n\nGo to the HP Software Depot site at http://www.software.hp.com and search for\nHP OneView. \n\nHISTORY\nVersion:1 (rev.1) - 13 January 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Summary\n\n VMware vCenter Server, ESXi, Workstation, Player and Fusion address\n several security issues. Relevant Releases\n\n VMware Workstation 10.x prior to version 10.0.5\n \n VMware Player 6.x prior to version 6.0.5\n\n VMware Fusion 7.x prior to version 7.0.1\n VMware Fusion 6.x prior to version 6.0.5\n\n vCenter Server 5.5 prior to Update 2d\n\n ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG\n ESXi 5.1 without patch ESXi510-201404101-SG\n ESXi 5.0 without patch ESXi500-201405101-SG\n\n3. Problem Description \n\n a. VMware ESXi, Workstation, Player, and Fusion host privilege\n escalation vulnerability\n\n VMware ESXi, Workstation, Player and Fusion contain an arbitrary \n file write issue. Exploitation this issue may allow for privilege\n escalation on the host. \n\n The vulnerability does not allow for privilege escalation from \n the guest Operating System to the host or vice-versa. This means\n that host memory can not be manipulated from the Guest Operating\n System. \n\n Mitigation\n \n For ESXi to be affected, permissions must have been added to ESXi\n (or a vCenter Server managing it) for a virtual machine \n administrator role or greater. \n\n VMware would like to thank Shanon Olsson for reporting this issue to\n us through JPCERT. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2014-8370 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n Workstation 11.x any not affected\n Workstation 10.x any 10.0.5\n\n Player 7.x any not affected\n Player 6.x any 6.0.5\n\n Fusion 7.x any not affected\n Fusion 6.x any 6.0.5\n\n ESXi 5.5 ESXi ESXi550-201403102-SG\n ESXi 5.1 ESXi ESXi510-201404101-SG \n ESXi 5.0 ESXi ESXi500-201405101-SG\n\n b. VMware Workstation, Player, and Fusion Denial of Service \n vulnerability\n\n VMware Workstation, Player, and Fusion contain an input validation \n issue in the Host Guest File System (HGFS). This issue may allow\n for a Denial of Service of the Guest Operating system. \n\n VMware would like to thank Peter Kamensky from Digital Security for \n reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2015-1043 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n Workstation 11.x any not affected\n Workstation 10.x any 10.0.5\n\n Player 7.x any not affected\n Player 6.x any 6.0.5\n\n Fusion 7.x any 7.0.1\n Fusion 6.x any 6.0.5\n\n c. VMware ESXi, Workstation, and Player Denial of Service \n vulnerability\n\n VMware ESXi, Workstation, and Player contain an input\n validation issue in VMware Authorization process (vmware-authd). \n This issue may allow for a Denial of Service of the host. On \n VMware ESXi and on Workstation running on Linux the Denial of\n Service would be partial. \n\n VMware would like to thank Dmitry Yudin @ret5et for reporting\n this issue to us through HP's Zero Day Initiative. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2015-1044 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n Workstation 11.x any not affected\n Workstation 10.x any 10.0.5\n\n Player 7.x any not affected\n Player 6.x any 6.0.5\n\n Fusion 7.x any not affected\n Fusion 6.x any not affected\n\n ESXi 5.5 ESXi ESXi550-201501101-SG\n ESXi 5.1 ESXi ESXi510-201410101-SG\n ESXi 5.0 ESXi not affected\n\n d. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2014-3513, CVE-2014-3567, \n CVE-2014-3566 (\"POODLE\") and CVE-2014-3568 to these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n vCenter Server 5.5 any Update 2d*\n vCenter Server 5.1 any patch pending\n vCenter Server 5.0 any patch pending\n\n ESXi 5.5 ESXi ESXi550-201501101-SG \n ESXi 5.1 ESXi patch pending\n ESXi 5.0 ESXi patch pending\n\n * The VMware vCenter 5.5 SSO component will be \n updated in a later release\n \n e. Update to ESXi libxml2 package\n\n The libxml2 library is updated to version libxml2-2.7.6-17\n to resolve a security issue. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2014-3660 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======= ======= =================\n ESXi 5.5 ESXi ESXi550-201501101-SG \n ESXi 5.1 ESXi patch pending\n ESXi 5.0 ESXi patch pending\n \n4. Solution\n\n Please review the patch/release notes for your product and \n version and verify the checksum of your downloaded file. \n\n VMware Workstation 10.x\n -------------------------------- \n https://www.vmware.com/go/downloadworkstation \n\n VMware Player 6.x\n -------------------------------- \n https://www.vmware.com/go/downloadplayer \n\n VMware Fusion 7.x and 6.x\n -------------------------------- \n https://www.vmware.com/go/downloadplayer \n\n vCenter Server\n ----------------------------\n Downloads and Documentation: \n https://www.vmware.com/go/download-vsphere \n\n ESXi 5.5 Update 2d\n ----------------------------\n File: update-from-esxi5.5-5.5_update01.zip\n md5sum: 5773844efc7d8e43135de46801d6ea25\n sha1sum: 6518355d260e81b562c66c5016781db9f077161f\n http://kb.vmware.com/kb/2065832\n update-from-esxi5.5-5.5_update01 contains ESXi550-201403102-SG\n\n ESXi 5.5\n ----------------------------\n File: ESXi550-201501001.zip\n md5sum: b0f2edd9ad17d0bae5a11782aaef9304\n sha1sum: 9cfcb1e2cf1bb845f0c96c5472d6b3a66f025dd1\n http://kb.vmware.com/kb/2099265\n ESXi550-201501001.zip contains ESXi550-201501101-SG\n\n ESXi 5.1\n ----------------------------\n File: ESXi510-201404001.zip\n md5sum: 9dc3c9538de4451244a2b62d247e52c4\n sha1sum: 6b1ea36a2711665a670afc9ae37cdd616bb6da66\n http://kb.vmware.com/kb/2070666\n ESXi510-201404001 contains ESXi510-201404101-SG\n\n ESXi 5.0\n ----------------------------\n File: ESXi500-201405001.zip\n md5sum: 7cd1afc97f5f1e4b4132c90835f92e1d\n sha1sum: 4bd77eeb5d7fc65bbb6f25762b0fa74fbb9679d5\n http://kb.vmware.com/kb/2075521\n ESXi500-201405001 contains ESXi500-201405101-SG\n \n5. Change log\n\n 2015-01-27 VMSA-2015-0001\n Initial security advisory in conjunction with the release of VMware\n Workstation 10.0.5, VMware Player 6.0.5, vCenter Server 5.5 Update 2d\n and, ESXi 5.5 Patches released on 2015-01-27. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n Consolidated list of VMware Security Advisories\n http://kb.vmware.com/kb/2078735\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2015 VMware Inc. All rights reserved. This flaw allows a man-in-the-middle (MITM)\n attacker to decrypt a selected byte of a cipher text in as few as 256\n tries if they are able to force a victim application to repeatedly send\n the same data over newly created SSL 3.0 connections. \n\n This update adds support for Fallback SCSV to mitigate this issue. \n\nCVE-2014-3568\n\n When OpenSSL is configured with \"no-ssl3\" as a build option, servers\n could accept and complete a SSL 3.0 handshake, and clients could be\n configured to send them. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1. \n\nWe recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2014:1652-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1652.html\nIssue date: 2014-10-16\nCVE Names: CVE-2014-3513 CVE-2014-3567 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that contain a backported patch to mitigate the\nCVE-2014-3566 issue and fix two security issues are now available for Red\nHat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails. \n\nThis can prevent a forceful downgrade of the communication to SSL 3.0. \nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode. \nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication. \n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. (CVE-2014-3513)\n\nA memory leak flaw was found in the way an OpenSSL handled failed session\nticket integrity checks. A remote attacker could exhaust all available\nmemory of an SSL/TLS or DTLS server by sending a large number of invalid\nsession tickets to that server. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.2.ppc.rpm\nopenssl-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.2.s390.rpm\nopenssl-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.2.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.2.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.2.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.6.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.6.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.6.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.6.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.6.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-3513.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3567.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/1232123\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUP940XlSAg2UNWIIRAhUYAJ4or1rZ25E0BXjTPyeDsN+keTz3twCdHDEz\nqY686VXQQ02SLq5vTvKfuHk=\n=McEc\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2014-3513", }, { db: "BID", id: "70585", }, { db: "VULMON", id: "CVE-2014-3513", }, { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "129932", }, { db: "PACKETSTORM", id: "130541", }, { db: "PACKETSTORM", id: "132082", }, { db: "PACKETSTORM", id: "130144", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "132080", }, { db: "PACKETSTORM", id: "128728", }, { db: "PACKETSTORM", id: "128706", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-3513", trust: 2.4, }, { db: "SECUNIA", id: "61439", trust: 1.1, }, { db: "SECUNIA", id: "61058", trust: 1.1, }, { db: "SECUNIA", id: "61207", trust: 1.1, }, { db: "SECUNIA", id: "61837", trust: 1.1, }, { db: "SECUNIA", id: "62070", trust: 1.1, }, { db: "SECUNIA", id: "61298", trust: 1.1, }, { db: "SECUNIA", id: "61990", trust: 1.1, }, { db: "SECUNIA", id: "61073", trust: 1.1, }, { db: "SECUNIA", id: "59627", trust: 1.1, }, { db: "SECUNIA", id: "61959", trust: 1.1, }, { db: "SECTRACK", id: "1031052", trust: 1.1, }, { db: "BID", id: "70584", trust: 1.1, }, { db: "MCAFEE", id: "SB10091", trust: 1.1, }, { db: "BID", id: "70585", trust: 0.3, }, { db: "VULMON", id: "CVE-2014-3513", trust: 0.1, }, { db: "PACKETSTORM", id: "130815", trust: 0.1, }, { db: "PACKETSTORM", id: "129932", trust: 0.1, }, { db: "PACKETSTORM", id: "130541", trust: 0.1, }, { db: "PACKETSTORM", id: "132082", trust: 0.1, }, { db: "PACKETSTORM", id: "130144", trust: 0.1, }, { db: "PACKETSTORM", id: "137201", trust: 0.1, }, { db: "PACKETSTORM", id: "132081", trust: 0.1, }, { db: "PACKETSTORM", id: "132080", trust: 0.1, }, { db: "PACKETSTORM", id: "128728", trust: 0.1, }, { db: "PACKETSTORM", id: "128706", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2014-3513", }, { db: "BID", id: "70585", }, { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "129932", }, { db: "PACKETSTORM", id: "130541", }, { db: "PACKETSTORM", id: "132082", }, { db: "PACKETSTORM", id: "130144", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "132080", }, { db: "PACKETSTORM", id: "128728", }, { db: "PACKETSTORM", id: "128706", }, { db: "NVD", id: "CVE-2014-3513", }, ], }, id: "VAR-201410-0371", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.395238084, }, last_update_date: "2024-07-23T21:06:25.896000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "The Register", trust: 0.2, url: "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2385-1", }, { title: "Red Hat: CVE-2014-3513", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2014-3513", }, { title: "Debian Security Advisories: DSA-3053-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=89bdef3607a7448566a930eca0e94cb3", }, { title: "Amazon Linux AMI: ALAS-2014-427", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2014-427", }, { title: "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=374cff59719675d8235f907c21b99bfc", }, { title: "Tenable Security Advisories: [R7] OpenSSL '20141015' Advisory Affects Tenable Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2014-11", }, { title: "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b7f5b1e7edcafce07f28205855d4db49", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3513", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2014-3513", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.4, url: "https://www.openssl.org/news/secadv_20141015.txt", }, { trust: 1.4, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686997", }, { trust: 1.2, url: "http://rhn.redhat.com/errata/rhsa-2014-1652.html", }, { trust: 1.1, url: "http://www.debian.org/security/2014/dsa-3053", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2014-1692.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html", }, { trust: 1.1, url: "http://www.ubuntu.com/usn/usn-2385-1", }, { trust: 1.1, url: "http://advisories.mageia.org/mgasa-2014-0416.html", }, { trust: 1.1, url: "http://secunia.com/advisories/59627", }, { trust: 1.1, url: "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc", }, { trust: 1.1, url: "http://secunia.com/advisories/61298", }, { trust: 1.1, url: "http://secunia.com/advisories/61959", }, { trust: 1.1, url: "http://secunia.com/advisories/61439", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html", }, { trust: 1.1, url: "http://secunia.com/advisories/61073", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/70584", }, { trust: 1.1, url: "http://secunia.com/advisories/62070", }, { trust: 1.1, url: "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1031052", }, { trust: 1.1, url: "https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html", }, { trust: 1.1, url: "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc", }, { trust: 1.1, url: "http://secunia.com/advisories/61207", }, { trust: 1.1, url: "http://secunia.com/advisories/61058", }, { trust: 1.1, url: "http://secunia.com/advisories/61990", }, { trust: 1.1, url: "http://secunia.com/advisories/61837", }, { trust: 1.1, url: "http://security.gentoo.org/glsa/glsa-201412-39.xml", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142495837901899&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142624590206005&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142791032306609&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142834685803386&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142804214608580&w=2", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html", }, { trust: 1.1, url: "https://support.apple.com/ht205217", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143290583027876&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143290437727362&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143290522027658&w=2", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10091", }, { trust: 1.1, url: "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=2b0532f3984324ebe1236a63d15893792384328d", }, { trust: 1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3567", }, { trust: 1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3513", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3566", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3568", }, { trust: 0.6, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.6, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.6, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3508", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3509", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3511", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2014-5139", }, { trust: 0.3, url: "http://www.openssl.org", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21691210", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/feb/151", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 ", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 ", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21686792", }, { trust: 0.3, url: "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21884030", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959134", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21691005", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21688284", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697995", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697165", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21689482", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701452", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21693662", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689347", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689743", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21689332", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21691140", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21688762", }, { trust: 0.3, url: "http://seclists.org/fulldisclosure/2015/jan/108", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101009000", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699200", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700489", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687863", }, { trust: 0.3, url: "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003", }, { trust: 0.3, url: "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber", }, { trust: 0.2, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_", }, { trust: 0.2, url: "http://www.debian.org/security/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/2385-1/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3513", }, { trust: 0.1, url: "http://www.software.hp.com", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-7186", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-7169", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-6271", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-6277", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-7187", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-6278", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-0c9e74c0cd5a48b4a537e63427", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-a7973a3813bf47d8afdb053b58", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-b41f3bc307ee43d39a172d249f", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-0d22e1c193434997889fa62736", }, { trust: 0.1, url: "https://h20566.www2.hp.com/hpsc/swd/public/detail?switemid=mtx_00eb9ac82e864", }, { trust: 0.1, url: "https://h20566.www2.hp.com/hpsc/swd/public/detail?switemid=mtx_34bcab41ac7e4", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "https://twitter.com/vmwaresrc", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1044", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1044", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2078735", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2070666", }, { trust: 0.1, url: "http://www.vmware.com/security/advisories", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1043", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8370", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2075521", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2065832", }, { trust: 0.1, url: "http://kb.vmware.com/kb/1055", }, { trust: 0.1, url: "https://www.vmware.com/go/downloadplayer", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3660", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1043", }, { trust: 0.1, url: "https://www.vmware.com/support/policies/lifecycle.html", }, { trust: 0.1, url: "https://www.vmware.com/go/downloadworkstation", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3660", }, { trust: 0.1, url: "http://kb.vmware.com/kb/2099265", }, { trust: 0.1, url: "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce", }, { trust: 0.1, url: "https://www.vmware.com/support/policies/security_response.html", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8370", }, { trust: 0.1, url: "https://www.vmware.com/go/download-vsphere", }, { trust: 0.1, url: "http://www.hpe.com/support/security_bulletin_archive", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1790", }, { trust: 0.1, url: "http://www.hpe.com/info/insightmanagement", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2019", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0705", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1788", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1792", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085", }, { trust: 0.1, url: "http://www.hpe.com/support/subscriber_choice", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3195", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0799", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2020", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2018", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1789", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2022", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1791", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2017", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7501", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2027", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3555", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-6565", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3194", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2026", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2021", }, { trust: 0.1, url: "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html", }, { trust: 0.1, url: "http://www.debian.org/security/faq", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2014-3513.html", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/#package", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2014-3567.html", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.1, url: "https://access.redhat.com/articles/1232123", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3513", }, { db: "BID", id: "70585", }, { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "129932", }, { db: "PACKETSTORM", id: "130541", }, { db: "PACKETSTORM", id: "132082", }, { db: "PACKETSTORM", id: "130144", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "132080", }, { db: "PACKETSTORM", id: "128728", }, { db: "PACKETSTORM", id: "128706", }, { db: "NVD", id: "CVE-2014-3513", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2014-3513", }, { db: "BID", id: "70585", }, { db: "PACKETSTORM", id: "130815", }, { db: "PACKETSTORM", id: "129932", }, { db: "PACKETSTORM", id: "130541", }, { db: "PACKETSTORM", id: "132082", }, { db: "PACKETSTORM", id: "130144", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "132081", }, { db: "PACKETSTORM", id: "132080", }, { db: "PACKETSTORM", id: "128728", }, { db: "PACKETSTORM", id: "128706", }, { db: "NVD", id: "CVE-2014-3513", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2014-10-19T00:00:00", db: "VULMON", id: "CVE-2014-3513", }, { date: "2014-10-15T00:00:00", db: "BID", id: "70585", }, { date: "2015-03-13T17:11:00", db: "PACKETSTORM", id: "130815", }, { date: "2015-01-14T03:51:42", db: "PACKETSTORM", id: "129932", }, { date: "2015-02-26T17:12:16", db: "PACKETSTORM", id: "130541", }, { date: "2015-05-29T23:37:23", db: "PACKETSTORM", id: "132082", }, { date: "2015-01-28T18:22:00", db: "PACKETSTORM", id: "130144", }, { date: "2016-05-26T09:22:00", db: "PACKETSTORM", id: "137201", }, { date: "2015-05-29T23:37:11", db: "PACKETSTORM", id: "132081", }, { date: "2015-05-29T23:37:04", db: "PACKETSTORM", id: "132080", }, { date: "2014-10-17T14:50:20", db: "PACKETSTORM", id: "128728", }, { date: "2014-10-17T00:03:21", db: "PACKETSTORM", id: "128706", }, { date: "2014-10-19T01:55:13.887000", db: "NVD", id: "CVE-2014-3513", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2014-3513", }, { date: "2016-09-09T15:00:00", db: "BID", id: "70585", }, { date: "2023-11-07T02:20:11.097000", db: "NVD", id: "CVE-2014-3513", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "70585", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL 'no-ssl3' Build Option Security Bypass Vulnerability", sources: [ { db: "BID", id: "70585", }, ], trust: 0.3, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Design Error", sources: [ { db: "BID", id: "70585", }, ], trust: 0.3, }, }
var-201501-0339
Vulnerability from variot
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-3570]
III. [CVE-2015-0206]
A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]
A server could present a weak temporary key and downgrade the security of the session. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205]
By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as described in .
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195).
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198).
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- .
Release Date: 2015-07-20 Last Updated: 2015-07-20
Potential Security Impact: Remote Denial of Service (DoS), cross-site request forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information.
References:
CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH).
Please download the latest version of HP System Management Homepage (7.5.0) from the following location:
http://www.hp.com/go/smh
HISTORY Version:1 (rev.1) - 20 July 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References:
CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2014-3569 CVE-2015-0205 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2016-0705 CVE-2016-0799 CVE-2016-2842 PSRT110092 PSRT110095 CVE-2016-2026 CVE-2016-2027 CVE-2016-2028 CVE-2016-2029 CVE-2016-2030 CVE-2016-4357 CVE-2009-3555 CVE-2016-4358 CVE-2015-3194 CVE-2015-3195 CVE-2015-6565 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2015-7501
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0339", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "powerlinux 7r2", scope: "eq", trust: 1.2, vendor: "ibm", version: "0", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.2.5", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0o", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7200", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7700", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7800", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7100", }, { model: "hpe systems insight manager", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86)", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.63", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle mobile security suite mss 3.0", }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "11.2", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.71", }, { model: "hp virtual connect enterprise manager sdk", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hpe server migration pack", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.0p", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.1", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.0", }, { model: "hpe insight control", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "none", }, { model: "mysql", scope: "lte", trust: 0.8, vendor: "oracle", version: "5.6.22 and earlier", }, { model: "hpe version control repository manager", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hp version control agent", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hpe matrix operating environment", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm)", }, { model: "system management homepage", scope: null, trust: 0.8, vendor: "hewlett packard", version: null, }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.1k", }, { model: "hpe insight control", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "server provisioning", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 5.1", }, { model: "power", scope: "eq", trust: 0.6, vendor: "ibm", version: "7400", }, { model: "power express", scope: "eq", trust: 0.6, vendor: "ibm", version: "5200", }, { model: "paging server", scope: "eq", trust: 0.6, vendor: "cisco", version: "0", }, { model: "power", scope: "eq", trust: 0.6, vendor: "ibm", version: "5700", }, { model: "power", scope: "eq", trust: 0.6, vendor: "ibm", version: "7300", }, { model: "powerlinux 7r1", scope: "eq", trust: 0.6, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.6, vendor: "hp", version: "7.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.5", }, { model: "mate collector", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ata series analog terminal adaptor", scope: "eq", trust: 0.3, vendor: "cisco", version: "1900", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "7600", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.1", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "30000", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "power system s822", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "telepresence server on virtual machine", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "783.00", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5205635", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.6", }, { model: "upward integration modules scvmm add-in", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.80", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "flex system p270 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7954-24x)0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22025850", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "6", }, { model: "power systems e870", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "sbr carrier", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.4", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.50", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1.3", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "90000", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79120", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32400", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "85100", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2", }, { model: "ip interoperability and collaboration system", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.0p", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3400", }, { model: "systems insight manager 7.3.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "flex system p260 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-23x)0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "junos os 13.3r6", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.19", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "70104.1", }, { model: "insight control server provisioning", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "prime security manager 04.8 qa08", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.70", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.21", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0-68", }, { model: "prime license manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems 350.c0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.842", }, { model: "workflow for bluemix", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "5750", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "flex system manager node types", scope: "eq", trust: 0.3, vendor: "ibm", version: "79550", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2-77", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "telepresence te software", scope: "eq", trust: 0.3, vendor: "cisco", version: "-0", }, { model: "linux enterprise software development kit sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073830", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "7", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.2.2.2", }, { model: "network configuration and change management service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "prime collaboration assurance", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "telepresence content server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37001.1", }, { model: "tandberg codian mse model", scope: "eq", trust: 0.3, vendor: "cisco", version: "83200", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "local collector appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2.8", }, { model: "power system s814", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310025820", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.21", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.4", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.4", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.3", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2.00", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.40", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems 350.b1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.27", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087380", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems 350.e0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "prime lan management solution", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.21", }, { model: "wide area application services", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.96", }, { model: "flashsystem 9848-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "project openssl 1.0.1k", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50001.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.2", }, { model: "media services interface", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems 350.e1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "ctpview", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6.156", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.00", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2", }, { model: "unified attendant console advanced", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.8", }, { model: "proactive network operations center", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.10", }, { model: "system management homepage c", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "jabber for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "enterprise content delivery service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.5", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.4(7.26)", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8.0.10", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "unified sip proxy", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.19", }, { model: "telepresence advanced media gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "unified attendant console premium edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32100", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.1.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "power systems 350.a0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "systems insight manager sp5", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.3", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.1", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.1(5.106)", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.3", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "upward integration modules for microsoft system center", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.1.8", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.1.8", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22079060", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "upward integration modules hardware management pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.4", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x638370", }, { model: "mq client for hp integrity nonstop server supportpac mqc8", scope: "eq", trust: 0.3, vendor: "ibm", version: "-0", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "general parallel file system", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88042590", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1", }, { model: "upward integration modules integrated installer", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79180", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "13.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.68", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.00", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.02", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.102", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.4", }, { model: "anyres live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.22", }, { model: "application policy infrastructure controller 1.0", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "820.03", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "unified attendant console business edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "nextscale nx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "54550", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.1", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5205577", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15-210", }, { model: "websphere mq for openvms", scope: "eq", trust: 0.3, vendor: "ibm", version: "v6", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32200", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "security proventia network enterprise scanner", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.9.1", }, { model: "jabber video for telepresence", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0-103", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12.201", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.16", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.95", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.4", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.1.3.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "prime collaboration deployment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.81", }, { model: "dx series ip phones", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0-95", }, { model: "virtualization experience media engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.00", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "ace30 application control engine module 3.0 a5", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "junos os 12.3r10", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "unified computing system b-series servers", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079150", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.6", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.7", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2.127", }, { model: "jabber software development kit", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.50", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.0.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "cms r17 r4", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087220", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.60", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.00", }, { model: "powerlinux 7r4", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1-73", }, { model: "infosphere master data management patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "power systems 350.b0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "tivoli provisioning manager for images", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "upward integration modules scvmm add-in", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.4", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "identity service engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "cms r17", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.1.5.03.00", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "wag310g residential gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "power ese", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0-14", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.4", }, { model: "cognos controller if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.3", }, { model: "as infinity", scope: "ne", trust: 0.3, vendor: "pexip", version: "8.1", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "820.02", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.2", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.00", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.11", }, { model: "project openssl 1.0.0o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3.1.7", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2", }, { model: "linux enterprise server for vmware sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux enterprise server sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "email security appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.6", }, { model: "application policy infrastructure controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.1(0.625)", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "agent desktop", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.0(2)", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88079030", }, { model: "upward integration modules for vmware vsphere", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "flex system p260 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-22x)0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087370", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "snapdrive for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.2", }, { model: "jabber voice for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "onepk all-in-one vm", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3", }, { model: "idp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "52056340", }, { model: "ctpos 7.0r4", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "unified attendant console department edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "system management homepage a", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11.197", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "prime data center network manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.3", }, { model: "power system s824l", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15210", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "network performance analytics", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.64", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "system m4 hd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054600", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.80", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.30", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.0", }, { model: "infosphere master data management provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.116", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "power express", scope: "eq", trust: 0.3, vendor: "ibm", version: "560", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "power 795", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "junos space", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.740", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "70000", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "systems insight manager update", scope: "eq", trust: 0.3, vendor: "hp", version: "5.31", }, { model: "ddos secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.6", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.51", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3204.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "flashsystem 9846-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "60000", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.21", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "cms r17 r3", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22279160", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power system s822l", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5504667", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.10", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5205587", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "ringmaster appliance", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.60", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.19", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.5", }, { model: "ctpview 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.1", }, { model: "cognos controller interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.0.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.13", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.41", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.0", }, { model: "unified ip conference phone", scope: "eq", trust: 0.3, vendor: "cisco", version: "88310", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bladecenter js22", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7998-61x)0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "clustered data ontap", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3.0.5", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "vgw", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.5", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.20", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.32", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "system m4 bd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054660", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.19", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.15", }, { model: "upward integration modules hardware management pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "src series", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "telepresence supervisor mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "80500", }, { model: "iptv", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "upward integration modules integrated installer", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.12", }, { model: "linux enterprise desktop sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325025830", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2.106", }, { model: "web security appliance 9.0.0 -fcs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "systems insight manager sp3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "bladecenter js23", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7778-23x)0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "42000", }, { model: "hosted collaboration mediation fulfillment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "application networking manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage 7.3.2.1", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "socialminer", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "3", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14.20", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.760", }, { model: "video surveillance media server", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.7", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "84200", }, { model: "physical access gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.5", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "52056330", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.3.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3", }, { model: "telepresence video communication server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.3", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "bladecenter js43 with feature code", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7778-23x8446)0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "telepresence sx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.51", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x330073820", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "meetingplace", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "2", }, { model: "power system s824", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "ctp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "7500", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.0.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1.730", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363071580", }, { model: "power systems e880", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "ctpos 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.5", }, { model: "mq appliance m2000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "35000", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "flex system p460 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-42x)0", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.5", }, { model: "screenos", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "expressway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.5", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.801", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.10", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8734-", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3.0.5", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.20", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3000", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.3", }, { model: "mobile wireless transport manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "mate design", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24078630", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.61", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.143", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087330", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.20", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24089560", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.90", }, { model: "powervu d9190 conditional access manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.02", }, { model: "bladecenter js12 express", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7998-60x)0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.1", }, { model: "project openssl 1.0.1j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.1.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "version control repository manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.3", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.132", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x353071600", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.7", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.0(4.29)", }, { model: "flashsystem 9840-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0", }, { model: "mate live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence integrator c series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3.0.5", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0-12", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.50", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "websphere mq client for hp integrity nonstop server supportpac", scope: "eq", trust: 0.3, vendor: "ibm", version: "-0", }, { model: "mobile security suite mss", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1.104", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.7", }, { model: "nsm", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.20", }, { model: "cognos controller if3", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.10", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.11", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.6", }, { model: "flex system p24l compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "websphere mq for hp nonstop", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "power system s812l", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.10", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.2", }, { model: "mobile messaging and m2m client pack (eclipse paho mqtt c client", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.1", }, { model: "prime collaboration provisioning", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "pulse secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1.00", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087180", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8731-", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79130", }, { model: "systems insight manager sp6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1.73", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "45000", }, { model: "telepresence isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32410", }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310054570", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "783.01", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3104.1", }, { model: "telepresence ex series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1", }, { model: "webex meetings for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0", }, { model: "insight control", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.10", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1841", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.3", }, { model: "server migration pack", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "cognos controller fp1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "project openssl 1.0.0h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.3", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.2(3.1)", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.4", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.179", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "junos os", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079140", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "server migration pack", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.01", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems 350.d0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087520", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.40", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.2", }, { model: "vds service broker", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence conductor", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "74.90", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "d9036 modular encoding platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35001.1", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.5", }, { model: "video surveillance 4300e/4500e high-definition ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.40", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x638370", }, { model: "flex system p260 compute node /fc efd9", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.2", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "5950", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "junos os 12.3x48-d10", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.2", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "snapdrive for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.0.5", }, { model: "one-x client enablement services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "video surveillance ptz ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "anyconnect secure mobility client for ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "004.000(1233)", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.2.10", }, { model: "telepresence serial gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.841", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.7", }, { model: "ctpos 6.6r5", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "webex meetings server 2.5mr2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "junos os 13.2r8", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "wireless lan controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.103", }, { model: "open systems snapvault", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.3", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.01", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.52", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "unified attendant console enterprise edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power express", scope: "eq", trust: 0.3, vendor: "ibm", version: "550", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "matrix operating environment", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5504965", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.7", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "87104.1", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "53000", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.3.0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.0.121", }, { model: "ios 15.5 s", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2", }, { model: "prime performance manager for sps ppm sp1", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "telepresence mx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "session border controller for enterprise", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.70", }, { model: "telepresence isdn gw mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "83210", }, { model: "ucs central", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence profile series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.6", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.31", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x44079170", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1", }, { model: "unified communications domain manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.1.2", }, { model: "flex system p460 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-43x)0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "emergency responder", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.8", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79190", }, { model: "im and presence service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.750", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3.0.5", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "nac guest server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325054580", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.8", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.00", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli provisioning manager for images system edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "x7.1.1.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.1", }, { model: "cloud object store", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, ], sources: [ { db: "BID", id: "71941", }, { db: "JVNDB", id: "JVNDB-2015-001010", }, { db: "NVD", id: "CVE-2015-0205", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-0205", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, ], trust: 0.4, }, cve: "CVE-2015-0205", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-0205", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-0205", trust: 1.8, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2015-0205", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2015-0205", }, { db: "JVNDB", id: "JVNDB-2015-001010", }, { db: "NVD", id: "CVE-2015-0205", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit <URL:https://security.FreeBSD.org/>. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-3569] This does not affect\nFreeBSD's default build. [CVE-2015-0205]\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. [CVE-2014-3570]\n\nIII. [CVE-2015-0206]\n\nA server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]\n\nA server could present a weak temporary key and downgrade the security of\nthe session. This only\naffects servers which trust a client certificate authority which issues\ncertificates containing DH keys, which is extremely rare. [CVE-2015-0205]\n\nBy modifying the contents of the signature algorithm or the encoding of\nthe signature, it is possible to change the certificate's fingerprint. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch < /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>\n\nVII. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n The dtls1_reassemble_fragment function in d1_both.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allows remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (CVE-2014-0195). \n \n The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g,\n when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a\n buffer pointer during certain recursive calls, which allows remote\n attackers to cause a denial of service (NULL pointer dereference\n and application crash) via vectors that trigger an alert condition\n (CVE-2014-0198). \n \n The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when\n an anonymous ECDH cipher suite is used, allows remote attackers to\n cause a denial of service (NULL pointer dereference and client crash)\n by triggering a NULL certificate value (CVE-2014-3470). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The ssl23_get_client_hello function in s23_srvr.c in OpenSSL\n 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to\n use unsupported protocols, which allows remote attackers to cause a\n denial of service (NULL pointer dereference and daemon crash) via\n an unexpected handshake, as demonstrated by an SSLv3 handshake to\n a no-ssl3 application with certain error handling. NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate's unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-07-20\nLast Updated: 2015-07-20\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site request\nforgery (CSRF), execution of arbitrary code, unauthorized modification,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified with HP\nSystem Management Homepage (SMH) on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS), Cross-site\nRequest Forgery (CSRF), execution of arbitrary code, unauthorized\nmodification, unauthorized access, or disclosure of information. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH). \n\n Please download the latest version of HP System Management Homepage (7.5.0)\nfrom the following location:\n\n http://www.hp.com/go/smh\n\nHISTORY\nVersion:1 (rev.1) - 20 July 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2014-3569\nCVE-2015-0205\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3567\nCVE-2014-3568\nCVE-2016-0705\nCVE-2016-0799\nCVE-2016-2842\nPSRT110092\nPSRT110095\nCVE-2016-2026\nCVE-2016-2027\nCVE-2016-2028\nCVE-2016-2029\nCVE-2016-2030\nCVE-2016-4357\nCVE-2009-3555\nCVE-2016-4358\nCVE-2015-3194\nCVE-2015-3195\nCVE-2015-6565\nCVE-2016-2017\nCVE-2016-2018\nCVE-2016-2019\nCVE-2016-2020\nCVE-2016-2021\nCVE-2016-2022\nCVE-2015-7501\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user's client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2015-0205", }, { db: "JVNDB", id: "JVNDB-2015-001010", }, { db: "BID", id: "71941", }, { db: "VULMON", id: "CVE-2015-0205", }, { db: "PACKETSTORM", id: "129973", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "130051", }, ], trust: 2.7, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0205", trust: 3, }, { db: "JUNIPER", id: "JSA10679", trust: 1.4, }, { db: "BID", id: "71941", trust: 1.4, }, { db: "MCAFEE", id: "SB10102", trust: 1.1, }, { db: "MCAFEE", id: "SB10108", trust: 1.1, }, { db: "BID", id: "91787", trust: 1.1, }, { db: "SECTRACK", id: "1033378", trust: 1.1, }, { db: "JVN", id: "JVNVU98974537", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-001010", trust: 0.8, }, { db: "VULMON", id: "CVE-2015-0205", trust: 0.1, }, { db: "PACKETSTORM", id: "129973", trust: 0.1, }, { db: "PACKETSTORM", id: "131044", trust: 0.1, }, { db: "PACKETSTORM", id: "133316", trust: 0.1, }, { db: "PACKETSTORM", id: "137292", trust: 0.1, }, { db: "PACKETSTORM", id: "129870", trust: 0.1, }, { db: "PACKETSTORM", id: "132763", trust: 0.1, }, { db: "PACKETSTORM", id: "137201", trust: 0.1, }, { db: "PACKETSTORM", id: "130051", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2015-0205", }, { db: "BID", id: "71941", }, { db: "JVNDB", id: "JVNDB-2015-001010", }, { db: "PACKETSTORM", id: "129973", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "130051", }, { db: "NVD", id: "CVE-2015-0205", }, ], }, id: "VAR-201501-0339", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.396927715, }, last_update_date: "2024-07-23T21:04:37.270000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { title: "Unauthenticated DH client certificate fix.", trust: 0.8, url: "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3", }, { title: "HPSBMU03396", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=144050205101530&w=2", }, { title: "HPSBMU03397", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { title: "HPSBMU03409", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { title: "HPSBMU03413", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { title: "HPSBMU03380", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { title: "HPSBHF03289", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04602055", }, { title: "HPSBMU03611", trust: 0.8, url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888", }, { title: "HPSBMU03612", trust: 0.8, url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { title: "NV15-017", trust: 0.8, url: "http://jpn.nec.com/security-info/secinfo/nv15-017.html", }, { title: "DH client certificates accepted without verification [Server] (CVE-2015-0205)", trust: 0.8, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { title: "Oracle Critical Patch Update Advisory - April 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { title: "Oracle Critical Patch Update Advisory - October 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { title: "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html", }, { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Oracle Critical Patch Update Advisory - July 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html", }, { title: "Oracle Third Party Bulletin - January 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { title: "RHSA-2015:0066", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { title: "April 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update", }, { title: "October 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "July 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html", }, { title: "株式会社バッファロー の告知ページ", trust: 0.8, url: "http://buffalo.jp/support_s/s20150327b.html", }, { title: "Red Hat: Moderate: openssl security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20150066 - security advisory", }, { title: "Red Hat: CVE-2015-0205", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2015-0205", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2459-1", }, { title: "Debian Security Advisories: DSA-3125-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a3210fee56d96657bbff4ad44c3d0807", }, { title: "Tenable Security Advisories: [R7] OpenSSL '20150108' Advisory Affects Tenable Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2015-03", }, { title: "Amazon Linux AMI: ALAS-2015-469", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-469", }, { title: "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=9281dc3b1a760e1cf2711cdf82cf64d7", }, { title: "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150310-ssl", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1", }, { title: "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=eb059834b7f24e2562bcf592b6d0afbc", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, { title: "JPN_RIC13351-2", trust: 0.1, url: "https://github.com/neominds/jpn_ric13351-2 ", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0205", }, { db: "JVNDB", id: "JVNDB-2015-001010", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-310", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-001010", }, { db: "NVD", id: "CVE-2015-0205", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { trust: 1.4, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.4, url: "https://support.citrix.com/article/ctx216642", }, { trust: 1.2, url: "http://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { trust: 1.1, url: "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019", }, { trust: 1.1, url: "http://www.debian.org/security/2015/dsa-3125", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050205101530&w=2", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { trust: 1.1, url: "https://bto.bluecoat.com/security-advisory/sa88", }, { trust: 1.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1033378", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10108", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10102", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/71941", }, { trust: 1.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/99708", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205", }, { trust: 0.8, url: "http://jvn.jp/cert/jvnvu98974537", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0205", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.3, url: "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf", }, { trust: 0.3, url: "http://openssl.org/", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699883", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699667", }, { trust: 0.3, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679&cat=sirt_1&actp=list", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883857", }, { trust: 0.3, url: "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101008182", }, { trust: 0.3, url: "https://www.openssl.org/news/vulnerabilities.html", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963783", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903299", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700275", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697291", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21697162", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695985", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21694849", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699052", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698506", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699069", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3567", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3513", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0205", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.2, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570", }, { trust: 0.2, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.2, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569", }, { trust: 0.2, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.2, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.2, url: "http://www.hpe.com/support/security_bulletin_archive", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1790", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0705", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1788", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1792", }, { trust: 0.2, url: "http://www.hpe.com/support/subscriber_choice", }, { trust: 0.2, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3195", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0799", }, { trust: 0.2, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1789", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1791", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7501", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2017", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-6565", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3568", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3508", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3194", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3509", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3511", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/310.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2015:0066", }, { trust: 0.1, url: "https://usn.ubuntu.com/2459-1/", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205>", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch", }, { trust: 0.1, url: "https://svnweb.freebsd.org/base?view=revision&revision=nnnnnn>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571>", }, { trust: 0.1, url: "https://www.openssl.org/news/secadv_20150108.txt>", }, { trust: 0.1, url: "https://security.freebsd.org/>.", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275>", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570>", }, { trust: 0.1, url: "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc>", }, { trust: 0.1, url: "https://www.freebsd.org/handbook/makeworld.html>.", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204>", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0160", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0076", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0198", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150319.txt", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5298", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150108.txt", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0293", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0224", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0221", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3470", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0195", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3566", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5409", }, { trust: 0.1, url: "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result&doc", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5412", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5413", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5410", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5411", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7995", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2007-6750", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8035", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3237", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2015", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0728", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7547", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-4969", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958", }, { trust: 0.1, url: "http://www.hpe.com/info/insightcontrol", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0207", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8142", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0231", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3523", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0285", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9653", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9705", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0232", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9427", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0208", }, { trust: 0.1, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0273", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.1, url: "http://www.hp.com/go/smh", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9652", }, { trust: 0.1, url: "http://www.hpe.com/info/insightmanagement", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2019", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2020", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2018", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2022", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2027", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3555", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2026", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2021", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0204", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0206", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-8275", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3572", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3571", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3570", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0205", }, { db: "BID", id: "71941", }, { db: "JVNDB", id: "JVNDB-2015-001010", }, { db: "PACKETSTORM", id: "129973", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "130051", }, { db: "NVD", id: "CVE-2015-0205", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2015-0205", }, { db: "BID", id: "71941", }, { db: "JVNDB", id: "JVNDB-2015-001010", }, { db: "PACKETSTORM", id: "129973", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "130051", }, { db: "NVD", id: "CVE-2015-0205", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-01-09T00:00:00", db: "VULMON", id: "CVE-2015-0205", }, { date: "2015-01-08T00:00:00", db: "BID", id: "71941", }, { date: "2015-01-13T00:00:00", db: "JVNDB", id: "JVNDB-2015-001010", }, { date: "2015-01-15T16:53:07", db: "PACKETSTORM", id: "129973", }, { date: "2015-03-27T20:42:44", db: "PACKETSTORM", id: "131044", }, { date: "2015-08-26T01:33:07", db: "PACKETSTORM", id: "133316", }, { date: "2016-06-02T19:12:12", db: "PACKETSTORM", id: "137292", }, { date: "2015-01-09T17:43:35", db: "PACKETSTORM", id: "129870", }, { date: "2015-07-21T13:37:51", db: "PACKETSTORM", id: "132763", }, { date: "2016-05-26T09:22:00", db: "PACKETSTORM", id: "137201", }, { date: "2015-01-22T01:35:41", db: "PACKETSTORM", id: "130051", }, { date: "2015-01-09T02:59:11.273000", db: "NVD", id: "CVE-2015-0205", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-11-15T00:00:00", db: "VULMON", id: "CVE-2015-0205", }, { date: "2017-01-23T00:09:00", db: "BID", id: "71941", }, { date: "2016-09-30T00:00:00", db: "JVNDB", id: "JVNDB-2015-001010", }, { date: "2017-11-15T02:29:05.890000", db: "NVD", id: "CVE-2015-0205", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "71941", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL of s3_srvr.c of ssl3_get_cert_verify Vulnerability to gain access to functions", sources: [ { db: "JVNDB", id: "JVNDB-2015-001010", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Design Error", sources: [ { db: "BID", id: "71941", }, ], trust: 0.3, }, }
var-201501-0435
Vulnerability from variot
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3125-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso January 11, 2015 http://www.debian.org/security/faq
Package : openssl CVE ID : CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2014-3569
Frank Schmirler reported that the ssl23_get_client_hello function in
OpenSSL does not properly handle attempts to use unsupported
protocols. When OpenSSL is built with the no-ssl3 option and a SSL
v3 ClientHello is received, the ssl method would be set to NULL which
could later result in a NULL pointer dereference and daemon crash.
CVE-2014-3570
Pieter Wuille of Blockstream reported that the bignum squaring
(BN_sqr) may produce incorrect results on some platforms, which
might make it easier for remote attackers to defeat cryptographic
protection mechanisms.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw
to mount a denial of service attack.
CVE-2014-3572
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an
OpenSSL client would accept a handshake using an ephemeral ECDH
ciphersuite if the server key exchange message is omitted. This
allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks
and trigger a loss of forward secrecy.
CVE-2014-8275
Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project
and Konrad Kraszewski of Google reported various certificate
fingerprint issues, which allow remote attackers to defeat a
fingerprint-based certificate-blacklist protection mechanism.
CVE-2015-0204
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that
an OpenSSL client will accept the use of an ephemeral RSA key in a
non-export RSA key exchange ciphersuite, violating the TLS
standard. This allows remote SSL servers to downgrade the security
of the session.
CVE-2015-0205
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an
OpenSSL server will accept a DH certificate for client
authentication without the certificate verify message. This flaw
effectively allows a client to authenticate without the use of a
private key via crafted TLS handshake protocol traffic to a server
that recognizes a certification authority with DH support.
CVE-2015-0206
Chris Mueller discovered a memory leak in the dtls1_buffer_record
function. A remote attacker could exploit this flaw to mount a
denial of service through memory exhaustion by repeatedly sending
specially crafted DTLS records.
For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u14.
For the upcoming stable distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 1.0.1k-1.
We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec
apache Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29 CVE-ID CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523
ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation. CVE-ID CVE-2015-1131 : Ian Beer of Google Project Zero CVE-2015-1132 : Ian Beer of Google Project Zero CVE-2015-1133 : Ian Beer of Google Project Zero CVE-2015-1134 : Ian Beer of Google Project Zero CVE-2015-1135 : Ian Beer of Google Project Zero
Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.
CFNetwork HTTPProtocol Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller
CFNetwork Session Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088 : Luigi Galli
CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management. CVE-ID CVE-2015-1136 : Apple
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld
Graphics Driver Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation. CVE-ID CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team
Hypervisor Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation. CVE-ID CVE-2015-1138 : Izik Eidus and Alex Fishman
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1139 : Apple
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system shutdown Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation. CVE-ID CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io
LaunchServices Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause the Finder to crash Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data. CVE-ID CVE-2015-1142
LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking. CVE-ID CVE-2015-1143 : Apple
libnetcore Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.
ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298
OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy
OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204
Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. CVE-ID CVE-2015-1147 : Apple
PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120
QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein
SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team
Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. CVE-ID CVE-2015-1148 : Apple
Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146
UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple
WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.
OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658
OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l +I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6 DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R 5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b 6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G vVE37tYUU4PnLfwlcazq =MOsT -----END PGP SIGNATURE----- .
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. ============================================================================ Ubuntu Security Notice USN-2459-1 January 12, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570)
Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to trick certain applications that rely on the uniqueness of fingerprints. (CVE-2014-8275)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain key exchanges. (CVE-2015-0204)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2459-1 CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX /uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ =kie8 -----END PGP SIGNATURE----- .
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0435", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "communications policy management", scope: "eq", trust: 1.1, vendor: "oracle", version: "9.9.1", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.3.5", }, { model: "communications policy management", scope: "eq", trust: 1.1, vendor: "oracle", version: "9.7.3", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.2.5", }, { model: "communications policy management", scope: "eq", trust: 1.1, vendor: "oracle", version: "10.4.1", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0o", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1e", }, { model: "openssl", scope: "lte", trust: 1, vendor: "openssl", version: "0.9.8zc", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.1", }, { model: "supply chain products suite", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle transportation management 6.2", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.3", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.9.5", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.2", }, { model: "xcp", scope: "eq", trust: 0.8, vendor: "oracle", version: "2260", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 5.0", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.8.5", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.63", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle mobile security suite mss 3.0", }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "11.2", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.71", }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.0p", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle exalogic infrastructure 1.x", }, { model: "communications policy management", scope: "lte", trust: 0.8, vendor: "oracle", version: "12.1.1 and earlier", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.1", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.0", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.1", }, { model: "supply chain products suite", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle transportation management 6.1", }, { model: "mysql", scope: "lte", trust: 0.8, vendor: "oracle", version: "5.6.22 and earlier", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.4", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.4", }, { model: "http server", scope: "eq", trust: 0.8, vendor: "oracle", version: "11.5.10.2", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.2", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.3", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle tuxedo 12.1.1.0", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 5.1", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10 to 10.10.2", }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.1k", }, { model: "xcp", scope: "lt", trust: 0.8, vendor: "oracle", version: "(fujitsu m10-1/m10-4/m10-4s server )", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle exalogic infrastructure 2.x", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 5.1", }, { model: "paging server", scope: "eq", trust: 0.6, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.6, vendor: "hp", version: "7.4", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "mate collector", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ata series analog terminal adaptor", scope: "eq", trust: 0.3, vendor: "cisco", version: "1900", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.1", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "30000", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "telepresence server on virtual machine", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.6", }, { model: "upward integration modules scvmm add-in", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "proactive network operations center", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22025850", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "6", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.4", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "90000", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79120", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32400", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl b", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "85100", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.2", }, { model: "communications session border controller scz7.4.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "retail predictive application server", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2", }, { model: "ip interoperability and collaboration system", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.0p", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3400", }, { model: "systems insight manager 7.3.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli netcool/reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "70104.1", }, { model: "prime security manager 04.8 qa08", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "cognos planning interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0-68", }, { model: "prime license manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.842", }, { model: "workflow for bluemix", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "flex system manager node types", scope: "eq", trust: 0.3, vendor: "ibm", version: "79550", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "app for netapp data ontap", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "filenet system monitor", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2-77", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "telepresence te software", scope: "eq", trust: 0.3, vendor: "cisco", version: "-0", }, { model: "linux enterprise software development kit sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073830", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "7", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.2.2.2", }, { model: "network configuration and change management service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "prime collaboration assurance", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "telepresence content server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tandberg codian mse model", scope: "eq", trust: 0.3, vendor: "cisco", version: "83200", }, { model: "local collector appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2.8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310025820", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "1", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.27", }, { model: "cognos planning interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.12", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087380", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "communications security gateway", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "prime lan management solution", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "alienvault", scope: "ne", trust: 0.3, vendor: "alienvault", version: "4.15.1", }, { model: "wide area application services", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.96", }, { model: "project openssl 1.0.1k", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "media services interface", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6.156", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2", }, { model: "unified attendant console advanced", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.13", }, { model: "project openssl 1.0.0h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.10", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12", }, { model: "system management homepage c", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "jabber for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4.1", }, { model: "enterprise content delivery service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.4(7.26)", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8.0.10", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "unified sip proxy", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence advanced media gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "communications session border controller scz7.3.0", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.4", }, { model: "unified attendant console premium edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32100", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.1.2", }, { model: "app for stream", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "systems insight manager sp5", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.1(5.106)", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "enterprise communications broker pcz2.0.0m4p5", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "upward integration modules for microsoft system center", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22079060", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "upward integration modules hardware management pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "5", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x638370", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88042590", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "wireless lan controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "physical access gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "upward integration modules integrated installer", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79180", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.68", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.102", }, { model: "anyres live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.4", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "application policy infrastructure controller 1.0", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "unified attendant console business edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "nextscale nx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "54550", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15-210", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32200", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.9.1", }, { model: "jabber video for telepresence", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0-103", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12.201", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.95", }, { model: "proventia network enterprise scanner", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.4", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.11", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.1.3.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "prime collaboration deployment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "dx series ip phones", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0-95", }, { model: "virtualization experience media engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "ace30 application control engine module 3.0 a5", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "unified computing system b-series servers", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079150", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.7", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2.127", }, { model: "jabber software development kit", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.0.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "cms r17 r4", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087220", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1-73", }, { model: "infosphere balanced warehouse c4000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "infosphere master data management patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "tivoli provisioning manager for images", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "upward integration modules scvmm add-in", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.4", }, { model: "identity service engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "cms r17", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "wag310g residential gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0-14", }, { model: "retail predictive application server", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1.3", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.4", }, { model: "cognos controller if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.3", }, { model: "as infinity", scope: "ne", trust: 0.3, vendor: "pexip", version: "8.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "project openssl 1.0.0o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "linux enterprise server for vmware sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux enterprise server sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "email security appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.6", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "application policy infrastructure controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.1(0.625)", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88079030", }, { model: "agent desktop", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.0(2)", }, { model: "upward integration modules for vmware vsphere", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087370", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "snapdrive for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.2", }, { model: "onepk all-in-one vm", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "unified attendant console department edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "system management homepage a", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11.197", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "prime data center network manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15210", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "network performance analytics", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.64", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "system m4 hd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054600", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.0", }, { model: "infosphere master data management provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.116", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "enterprise session border controller ecz7.3m2p2", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.740", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "70000", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "systems insight manager update", scope: "eq", trust: 0.3, vendor: "hp", version: "5.31", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3204.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "60000", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "cms r17 r3", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22279160", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "project openssl 0.9.8zd", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "5", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "cognos controller interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.0.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.13", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "unified ip conference phone", scope: "eq", trust: 0.3, vendor: "cisco", version: "88310", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "clustered data ontap", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "project openssl a", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.6", }, { model: "infosphere balanced warehouse c3000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "project openssl c", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "system m4 bd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054660", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "upward integration modules hardware management pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "openssh for gpfs", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "telepresence supervisor mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "80500", }, { model: "iptv", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "upward integration modules integrated installer", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.12", }, { model: "linux enterprise desktop sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325025830", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2.106", }, { model: "web security appliance 9.0.0 -fcs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "systems insight manager sp3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "enterprise content management system monitor", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "42000", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "mint", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "hosted collaboration mediation fulfillment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "application networking manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage 7.3.2.1", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "socialminer", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "3", }, { model: "integrated lights out manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.3", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "retail predictive application server", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14.20", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.760", }, { model: "video surveillance media server", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.7", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "84200", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "20500", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "telepresence video communication server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.3", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "tuxedo", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1.0", }, { model: "telepresence sx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "enterprise content management system monitor", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x330073820", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "project openssl d", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "meetingplace", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.0.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1.730", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363071580", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "35000", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "expressway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.5", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "57100", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.801", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8734-", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3000", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "mobile wireless transport manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "mate design", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24078630", }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.143", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087330", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24089560", }, { model: "powervu d9190 conditional access manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.1", }, { model: "project openssl 1.0.1j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "retail predictive application server", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0.2", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.132", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x353071600", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.0(4.29)", }, { model: "retail predictive application server", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0.3", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5", }, { model: "mate live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence integrator c series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0-12", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "mobile security suite mss", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.5.10.2", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1.104", }, { model: "cognos controller if3", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "prime collaboration provisioning", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "5", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087180", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8731-", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79130", }, { model: "systems insight manager sp6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1.73", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "45000", }, { model: "telepresence isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32410", }, { model: "project openssl 0.9.8zc", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310054570", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.3", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3104.1", }, { model: "telepresence ex series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "webex meetings for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1841", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.3", }, { model: "cognos controller fp1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.2(3.1)", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.4", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.179", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079140", }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "project openssl e", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087520", }, { model: "vds service broker", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence conductor", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "d9036 modular encoding platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "video surveillance 4300e/4500e high-definition ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x638370", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "6", }, { model: "app for vmware", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.2", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "snapdrive for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "10500", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "one-x client enablement services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "video surveillance ptz ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "anyconnect secure mobility client for ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "004.000(1233)", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.2.10", }, { model: "telepresence serial gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.841", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "cloud", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "webex meetings server 2.5mr2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.103", }, { model: "open systems snapvault", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.3", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "unified attendant console enterprise edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "87104.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.7", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "53000", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.0.121", }, { model: "ios 15.5 s", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2", }, { model: "prime performance manager for sps ppm sp1", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "telepresence mx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "session border controller for enterprise", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "telepresence isdn gw mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "83210", }, { model: "ucs central", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence profile series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "retail predictive application server", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "unified communications domain manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.1.2", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x44079170", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "emergency responder", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79190", }, { model: "im and presence service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.750", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "nac guest server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325054580", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli provisioning manager for images system edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "x7.1.1.0", }, { model: "project openssl 0.9.8u", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.1", }, { model: "cloud object store", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, ], sources: [ { db: "BID", id: "71937", }, { db: "JVNDB", id: "JVNDB-2014-007552", }, { db: "NVD", id: "CVE-2014-3571", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.9.8zc", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-3571", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130548", }, { db: "PACKETSTORM", id: "130545", }, ], trust: 0.6, }, cve: "CVE-2014-3571", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2014-3571", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2014-3571", trust: 1.8, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2014-3571", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2014-3571", }, { db: "JVNDB", id: "JVNDB-2014-007552", }, { db: "NVD", id: "CVE-2014-3571", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3125-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 11, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206\n\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2014-3569\n\n Frank Schmirler reported that the ssl23_get_client_hello function in\n OpenSSL does not properly handle attempts to use unsupported\n protocols. When OpenSSL is built with the no-ssl3 option and a SSL\n v3 ClientHello is received, the ssl method would be set to NULL which\n could later result in a NULL pointer dereference and daemon crash. \n\nCVE-2014-3570\n\n Pieter Wuille of Blockstream reported that the bignum squaring\n (BN_sqr) may produce incorrect results on some platforms, which\n might make it easier for remote attackers to defeat cryptographic\n protection mechanisms. \n\nCVE-2014-3571\n\n Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw\n to mount a denial of service attack. \n\nCVE-2014-3572\n\n Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n OpenSSL client would accept a handshake using an ephemeral ECDH\n ciphersuite if the server key exchange message is omitted. This\n allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\n and trigger a loss of forward secrecy. \n\nCVE-2014-8275\n\n Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\n and Konrad Kraszewski of Google reported various certificate\n fingerprint issues, which allow remote attackers to defeat a\n fingerprint-based certificate-blacklist protection mechanism. \n\nCVE-2015-0204\n\n Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that\n an OpenSSL client will accept the use of an ephemeral RSA key in a\n non-export RSA key exchange ciphersuite, violating the TLS\n standard. This allows remote SSL servers to downgrade the security\n of the session. \n\nCVE-2015-0205\n\n Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n OpenSSL server will accept a DH certificate for client\n authentication without the certificate verify message. This flaw\n effectively allows a client to authenticate without the use of a\n private key via crafted TLS handshake protocol traffic to a server\n that recognizes a certification authority with DH support. \n\nCVE-2015-0206\n\n Chris Mueller discovered a memory leak in the dtls1_buffer_record\n function. A remote attacker could exploit this flaw to mount a\n denial of service through memory exhaustion by repeatedly sending\n specially crafted DTLS records. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u14. \n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1k-1. \n\nWe recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A process may gain admin privileges without properly\nauthenticating\nDescription: An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Cookies belonging to one origin may be sent to another\norigin\nDescription: A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Authentication credentials may be sent to a server on\nanother origin\nDescription: A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A NULL pointer dereference existed in NVIDIA graphics\ndriver's handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local application may be able to cause a denial of service\nDescription: An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A malicious HID device may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in IOHIDFamily's\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily's\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A user may be able to execute arbitrary code with system\nprivileges\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system shutdown\nDescription: An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. \nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause a system denial of service\nDescription: A race condition existed in the kernel's setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription: setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription: ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto cause a denial of service\nDescription: A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to bypass network filters\nDescription: The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause the Finder to crash\nDescription: An input validation issue existed in LaunchServices's\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue existed in LaunchServices's\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription: A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may brute force ntpd authentication keys\nDescription: The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote unauthenticated client may be able to cause a\ndenial of service\nDescription: Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. \nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription: If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription: A heap buffer overflow existed in SceneKit's handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to arbitrary code execution. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A user's password may be logged to a local file\nDescription: In some circumstances, Screen Sharing may log a user's\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Tampered applications may not be prevented from launching\nDescription: Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in WebKit. This\nissues was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple's Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\nvVE37tYUU4PnLfwlcazq\n=MOsT\n-----END PGP SIGNATURE-----\n. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. ============================================================================\nUbuntu Security Notice USN-2459-1\nJanuary 12, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nPieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. \n(CVE-2014-3570)\n\nMarkus Stenberg discovered that OpenSSL incorrectly handled certain crafted\nDTLS messages. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. A remote\nattacker could possibly use this issue to trick certain applications that\nrely on the uniqueness of fingerprints. (CVE-2014-8275)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nkey exchanges. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-0206)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libssl1.0.0 1.0.1f-1ubuntu9.1\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.8\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.21\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2459-1\n CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275,\n CVE-2015-0204, CVE-2015-0205, CVE-2015-0206\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8\n https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21\n https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la\nng=en-us&cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX\n/uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ\n=kie8\n-----END PGP SIGNATURE-----\n. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant", sources: [ { db: "NVD", id: "CVE-2014-3571", }, { db: "JVNDB", id: "JVNDB-2014-007552", }, { db: "BID", id: "71937", }, { db: "VULMON", id: "CVE-2014-3571", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "129880", }, { db: "PACKETSTORM", id: "131359", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129893", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130548", }, { db: "PACKETSTORM", id: "130545", }, ], trust: 2.79, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-3571", trust: 3.1, }, { db: "BID", id: "71937", trust: 1.4, }, { db: "MCAFEE", id: "SB10102", trust: 1.1, }, { db: "MCAFEE", id: "SB10108", trust: 1.1, }, { db: "SECTRACK", id: "1033378", trust: 1.1, }, { db: "JVN", id: "JVNVU91828320", trust: 0.8, }, { db: "JVN", id: "JVNVU98974537", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2014-007552", trust: 0.8, }, { db: "VULMON", id: "CVE-2014-3571", trust: 0.1, }, { db: "PACKETSTORM", id: "133317", trust: 0.1, }, { db: "PACKETSTORM", id: "129880", trust: 0.1, }, { db: "PACKETSTORM", id: "131359", trust: 0.1, }, { db: "PACKETSTORM", id: "130987", trust: 0.1, }, { db: "PACKETSTORM", id: "129893", trust: 0.1, }, { db: "PACKETSTORM", id: "133325", trust: 0.1, }, { db: "PACKETSTORM", id: "132763", trust: 0.1, }, { db: "PACKETSTORM", id: "130548", trust: 0.1, }, { db: "PACKETSTORM", id: "130545", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2014-3571", }, { db: "BID", id: "71937", }, { db: "JVNDB", id: "JVNDB-2014-007552", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "129880", }, { db: "PACKETSTORM", id: "131359", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129893", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130548", }, { db: "PACKETSTORM", id: "130545", }, { db: "NVD", id: "CVE-2014-3571", }, ], }, id: "VAR-201501-0435", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.39692771499999996, }, last_update_date: "2024-06-17T10:09:08.262000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { title: "HT204659", trust: 0.8, url: "http://support.apple.com/en-us/ht204659", }, { title: "HT204659", trust: 0.8, url: "http://support.apple.com/ja-jp/ht204659", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { title: "Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed", trust: 0.8, url: "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d", }, { title: "Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL.", trust: 0.8, url: "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b", }, { title: "HPSBUX03244 SSRT101885", trust: 0.8, url: "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04556853&lang=en&cc=us", }, { title: "HPSBHF03289", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { title: "NV15-017", trust: 0.8, url: "http://jpn.nec.com/security-info/secinfo/nv15-017.html", }, { title: "DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)", trust: 0.8, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "Oracle Critical Patch Update Advisory - July 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html", }, { title: "Oracle Critical Patch Update Advisory - October 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { title: "Oracle Critical Patch Update Advisory - October 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html", }, { title: "Oracle Critical Patch Update Advisory - April 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html", }, { title: "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html", }, { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Oracle Third Party Bulletin - January 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { title: "RHSA-2015:0066", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "July 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update", }, { title: "October 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update", }, { title: "October 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update", }, { title: "April 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html", }, { title: "TLSA-2015-2", trust: 0.8, url: "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html", }, { title: "株式会社バッファロー の告知ページ", trust: 0.8, url: "http://buffalo.jp/support_s/s20150327b.html", }, { title: "Red Hat: Moderate: openssl security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20150066 - security advisory", }, { title: "Red Hat: CVE-2014-3571", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2014-3571", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2459-1", }, { title: "Debian Security Advisories: DSA-3125-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a3210fee56d96657bbff4ad44c3d0807", }, { title: "Tenable Security Advisories: [R7] OpenSSL '20150108' Advisory Affects Tenable Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2015-03", }, { title: "Amazon Linux AMI: ALAS-2015-469", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-469", }, { title: "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=9281dc3b1a760e1cf2711cdf82cf64d7", }, { title: "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aa5ab46566482c02434bb8cf65c9614e", }, { title: "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150310-ssl", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165", }, { title: "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=21b119528a2fb8c78850a17027b71424", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=05aabe19d38058b7814ef5514aab4c0c", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3571", }, { db: "JVNDB", id: "JVNDB-2014-007552", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2014-007552", }, { db: "NVD", id: "CVE-2014-3571", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.4, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { trust: 1.4, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/71937", }, { trust: 1.1, url: "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b", }, { trust: 1.1, url: "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019", }, { trust: 1.1, url: "http://www.debian.org/security/2015/dsa-3125", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496289803847&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { trust: 1.1, url: "https://support.apple.com/ht204659", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142895206924048&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050205101530&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496179803395&w=2", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { trust: 1.1, url: "https://bto.bluecoat.com/security-advisory/sa88", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1033378", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10108", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10102", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu91828320/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98974537/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3571", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.6, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.6, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.4, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169", }, { trust: 0.4, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.3, url: "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf", }, { trust: 0.3, url: "http://openssl.org/", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699883", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699667", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/feb/160", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698818", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883857", }, { trust: 0.3, url: "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101008182", }, { trust: 0.3, url: "https://www.openssl.org/news/vulnerabilities.html", }, { trust: 0.3, url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { trust: 0.3, url: "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903299", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700275", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699938", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883287", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902694", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903726", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695985", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701453", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21694849", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698506", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699069", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3523", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.2, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/", }, { trust: 0.2, url: "http://www.debian.org/security/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0207", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8142", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0231", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0285", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9653", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9705", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0232", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9427", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0208", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0273", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9652", }, { trust: 0.2, url: "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber", }, { trust: 0.2, url: "https://www.hp.com/go/swa", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2015:0066", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3571", }, { trust: 0.1, url: "https://usn.ubuntu.com/2459-1/", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=39946", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5432", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5433", }, { trust: 0.1, url: "http://www.debian.org/security/faq", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0118", }, { trust: 0.1, url: "https://www.frida.re", }, { trust: 0.1, url: "https://support.apple.com/en-us/ht204658", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-6438", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3487", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3597", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3670", }, { trust: 0.1, url: "http://support.apple.com/kb/ht1222", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0238", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-2497", }, { trust: 0.1, url: "http://www.apple.com/support/downloads/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3587", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0237", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3669", }, { trust: 0.1, url: "https://support.apple.com/en-", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0098", }, { trust: 0.1, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3538", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0117", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3480", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3668", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0207", }, { trust: 0.1, url: "http://gpgtools.org", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-5704", }, { trust: 0.1, url: "http://dtorres.me)", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3479", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3478", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-6712", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0235", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://www.ubuntu.com/usn/usn-2459-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490&la", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-1692", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5107", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.1, url: "http://www.hp.com/go/smh", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3571", }, { db: "BID", id: "71937", }, { db: "JVNDB", id: "JVNDB-2014-007552", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "129880", }, { db: "PACKETSTORM", id: "131359", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129893", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130548", }, { db: "PACKETSTORM", id: "130545", }, { db: "NVD", id: "CVE-2014-3571", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2014-3571", }, { db: "BID", id: "71937", }, { db: "JVNDB", id: "JVNDB-2014-007552", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "129880", }, { db: "PACKETSTORM", id: "131359", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129893", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "130548", }, { db: "PACKETSTORM", id: "130545", }, { db: "NVD", id: "CVE-2014-3571", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-01-09T00:00:00", db: "VULMON", id: "CVE-2014-3571", }, { date: "2014-10-22T00:00:00", db: "BID", id: "71937", }, { date: "2015-01-13T00:00:00", db: "JVNDB", id: "JVNDB-2014-007552", }, { date: "2015-08-26T01:33:18", db: "PACKETSTORM", id: "133317", }, { date: "2015-01-12T17:17:37", db: "PACKETSTORM", id: "129880", }, { date: "2015-04-09T16:30:50", db: "PACKETSTORM", id: "131359", }, { date: "2015-03-24T17:05:09", db: "PACKETSTORM", id: "130987", }, { date: "2015-01-12T21:48:37", db: "PACKETSTORM", id: "129893", }, { date: "2015-08-26T01:35:08", db: "PACKETSTORM", id: "133325", }, { date: "2015-07-21T13:37:51", db: "PACKETSTORM", id: "132763", }, { date: "2015-02-26T17:13:45", db: "PACKETSTORM", id: "130548", }, { date: "2015-02-26T17:13:09", db: "PACKETSTORM", id: "130545", }, { date: "2015-01-09T02:59:01.287000", db: "NVD", id: "CVE-2014-3571", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-10-20T00:00:00", db: "VULMON", id: "CVE-2014-3571", }, { date: "2017-05-02T04:07:00", db: "BID", id: "71937", }, { date: "2016-11-22T00:00:00", db: "JVNDB", id: "JVNDB-2014-007552", }, { date: "2017-10-20T01:29:03.410000", db: "NVD", id: "CVE-2014-3571", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "71937", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL Service disruption in (DoS) Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2014-007552", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Design Error", sources: [ { db: "BID", id: "71937", }, ], trust: 0.3, }, }
var-201412-0519
Vulnerability from variot
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. This vulnerability CVE-2014-3568 It became the problem after the correction. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw
to mount a denial of service attack.
CVE-2014-3572
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an
OpenSSL client would accept a handshake using an ephemeral ECDH
ciphersuite if the server key exchange message is omitted.
CVE-2015-0204
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that
an OpenSSL client will accept the use of an ephemeral RSA key in a
non-export RSA key exchange ciphersuite, violating the TLS
standard.
CVE-2015-0206
Chris Mueller discovered a memory leak in the dtls1_buffer_record
function.
For the upcoming stable distribution (jessie), these problems will be fixed soon.
We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/
Package : openssl Date : March 27, 2015 Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities has been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX /uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ =kie8 -----END PGP SIGNATURE----- .
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0519", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openssl", scope: "eq", trust: 1.8, vendor: "openssl", version: "1.0.1j", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.2.5", }, { model: "bladecenter advanced management module 3.66k", scope: null, trust: 0.9, vendor: "ibm", version: null, }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "0.9.8zc", }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.0o", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10 to 10.10.2", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.8.5", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.9.5", }, { model: "integrated lights out manager", scope: "lt", trust: 0.8, vendor: "oracle", version: "(sun system firmware) 8.7.2.b", }, { model: "integrated lights out manager", scope: "lt", trust: 0.8, vendor: "oracle", version: "(sun system firmware) 9.4.2e", }, { model: "mysql", scope: "lte", trust: 0.8, vendor: "oracle", version: "5.6.22", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle mobile security suite mss 3.0", }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "10", }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "11.2", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.63", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.71", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 5.1", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.1", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.2", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.3", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.4", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.1", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.2", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.3", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.4", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 5.0", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 5.1", }, { model: "paging server", scope: "eq", trust: 0.6, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.6, vendor: "hp", version: "7.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.5", }, { model: "mate collector", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ata series analog terminal adaptor", scope: "eq", trust: 0.3, vendor: "cisco", version: "1900", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.1", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "30000", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "telepresence server on virtual machine", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.6", }, { model: "upward integration modules scvmm add-in", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "proactive network operations center", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22025850", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.4", }, { model: "sbr carrier", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1.3", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "90000", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79120", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32400", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "project openssl b", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.2", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "85100", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2", }, { model: "ip interoperability and collaboration system", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.4", }, { model: "project openssl 1.0.0p", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3400", }, { model: "systems insight manager 7.3.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "junos os 13.3r6", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "tivoli netcool/reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.19", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "70104.1", }, { model: "insight control server provisioning", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "prime security manager 04.8 qa08", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0-68", }, { model: "prime license manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.842", }, { model: "flex system manager node types", scope: "eq", trust: 0.3, vendor: "ibm", version: "79550", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0", }, { model: "app for netapp data ontap", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2-77", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "telepresence te software", scope: "eq", trust: 0.3, vendor: "cisco", version: "-0", }, { model: "linux enterprise software development kit sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073830", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.2.2.2", }, { model: "network configuration and change management service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "prime collaboration assurance", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "telepresence content server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37001.1", }, { model: "tandberg codian mse model", scope: "eq", trust: 0.3, vendor: "cisco", version: "83200", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "local collector appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2.8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310025820", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.5.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.4", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.4", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.11", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.27", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1.8", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087380", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "prime lan management solution", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "wide area application services", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.96", }, { model: "flashsystem 9848-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "project openssl 1.0.1k", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50001.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.2", }, { model: "media services interface", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ctpview", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6.156", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.2", }, { model: "unified attendant console advanced", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.0h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.8", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.1", }, { model: "system management homepage c", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "jabber for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "enterprise content delivery service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.5", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.4(7.26)", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8.0.10", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "unified sip proxy", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.19", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.10", }, { model: "telepresence advanced media gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "unified attendant console premium edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32100", }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4", }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "app for stream", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.1.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "systems insight manager sp5", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.3", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.1", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.1(5.106)", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.3", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "upward integration modules for microsoft system center", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.1.8", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.1.8", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22079060", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.1", }, { model: "upward integration modules hardware management pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "physical access gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x638370", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.4", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88042590", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "upward integration modules integrated installer", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "wireless lan controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79180", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.68", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.102", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.4", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "anyres live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "application policy infrastructure controller 1.0", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "unified attendant console business edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "nextscale nx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "54550", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15-210", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32200", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.9.1", }, { model: "jabber video for telepresence", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0-103", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12.201", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.95", }, { model: "proventia network enterprise scanner", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.4", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.1.3.3", }, { model: "openflow agent", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "prime collaboration deployment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "dx series ip phones", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0-95", }, { model: "virtualization experience media engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "ace30 application control engine module 3.0 a5", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "junos os 12.3r10", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.0.2", }, { model: "unified computing system b-series servers", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "systems insight manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079150", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.6", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.7", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2.127", }, { model: "jabber software development kit", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.0.2", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087220", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize 6.4storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v3500v3700", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1-73", }, { model: "infosphere balanced warehouse c4000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "tivoli provisioning manager for images", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "upward integration modules scvmm add-in", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.4", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "identity service engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "wag310g residential gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0-14", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "cognos controller if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.3", }, { model: "sametime community server hf1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.2", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "project openssl 1.0.0o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3.1.7", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2", }, { model: "linux enterprise server for vmware sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "linux enterprise server sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "email security appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.6", }, { model: "application policy infrastructure controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.1(0.625)", }, { model: "agent desktop", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.0(2)", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88079030", }, { model: "upward integration modules for vmware vsphere", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.3", }, { model: "sametime community server limited use", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087370", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "snapdrive for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.2", }, { model: "jabber voice for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "onepk all-in-one vm", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3", }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "idp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "ctpos 7.0r4", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "unified attendant console department edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "system management homepage a", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11.197", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "prime data center network manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15210", }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "network performance analytics", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.64", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "system m4 hd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054600", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.8", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.116", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "junos space", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.740", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "70000", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "systems insight manager update", scope: "eq", trust: 0.3, vendor: "hp", version: "5.31", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "ddos secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.6", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3204.1", }, { model: "flashsystem 9846-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "60000", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22279160", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "project openssl 0.9.8zd", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "ringmaster appliance", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.19", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.5", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "ctpview 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.1", }, { model: "cognos controller interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.0.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.13", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.0", }, { model: "unified ip conference phone", scope: "eq", trust: 0.3, vendor: "cisco", version: "88310", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "clustered data ontap", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "project openssl a", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "vgw", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3.0.5", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.6", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.5", }, { model: "infosphere balanced warehouse c3000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "project openssl c", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "system m4 bd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054660", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.19", }, { model: "upward integration modules hardware management pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "src series", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "bladecenter t advanced management module 32r0835", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "telepresence supervisor mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "80500", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "iptv", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "upward integration modules integrated installer", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.12", }, { model: "linux enterprise desktop sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325025830", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2.106", }, { model: "web security appliance 9.0.0 -fcs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "systems insight manager sp3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "42000", }, { model: "hosted collaboration mediation fulfillment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "mint", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "application networking manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage 7.3.2.1", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "socialminer", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14.20", }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.760", }, { model: "video surveillance media server", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.7", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "84200", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "20500", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.5", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3", }, { model: "telepresence video communication server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.3", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "telepresence sx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x330073820", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "project openssl d", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "meetingplace", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ctp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.0.2", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1.730", }, { model: "ctpos 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363071580", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.5", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "35000", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.5", }, { model: "expressway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.5", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "57100", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.801", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.2", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8734-", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3.0.5", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3000", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.3", }, { model: "mobile wireless transport manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli workload scheduler distributed fp07", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "mate design", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24078630", }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.143", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087330", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24089560", }, { model: "powervu d9190 conditional access manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.1", }, { model: "project openssl 1.0.1j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.1.8", }, { model: "gpfs for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "version control repository manager", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.3", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.132", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x353071600", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.7", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.0(4.29)", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "flashsystem 9840-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0", }, { model: "mate live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli workload scheduler distributed fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "telepresence integrator c series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3.0.5", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0-12", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "mobile security suite mss", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1.104", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.6", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.7", }, { model: "nsm", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "cognos controller if3", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.6", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.2", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.1", }, { model: "prime collaboration provisioning", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "pulse secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087180", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8731-", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79130", }, { model: "systems insight manager sp6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1.73", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "45000", }, { model: "telepresence isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32410", }, { model: "project openssl 0.9.8zc", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310054570", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "insight control server provisioning", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.3", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3104.1", }, { model: "telepresence ex series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1", }, { model: "webex meetings for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0", }, { model: "insight control", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1841", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.3", }, { model: "server migration pack", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "cognos controller fp1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.3", }, { model: "insight control", scope: "eq", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.2(3.1)", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.4", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.179", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "junos os", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079140", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "server migration pack", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "project openssl e", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087520", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.2", }, { model: "vds service broker", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence conductor", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "d9036 modular encoding platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35001.1", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "matrix operating environment", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.5", }, { model: "video surveillance 4300e/4500e high-definition ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x638370", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.0", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.2", }, { model: "app for vmware", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "junos os 12.3x48-d10", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.2", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "snapdrive for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "10500", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.0.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "video surveillance ptz ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "anyconnect secure mobility client for ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "004.000(1233)", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.2.10", }, { model: "telepresence serial gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.841", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.7", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "ctpos 6.6r5", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "cloud", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "webex meetings server 2.5mr2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "junos os 13.2r8", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.103", }, { model: "open systems snapvault", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "unified attendant console enterprise edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "matrix operating environment", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5.1", }, { model: "predictiveinsight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "87104.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.7", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "53000", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.3.0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.0.121", }, { model: "ios 15.5 s", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2", }, { model: "prime performance manager for sps ppm sp1", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "telepresence mx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "telepresence isdn gw mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "83210", }, { model: "ucs central", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence profile series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.6", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x44079170", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1", }, { model: "unified communications domain manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.1.2", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "emergency responder", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.8", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79190", }, { model: "im and presence service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.750", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3.0.5", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "nac guest server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325054580", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.8", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli provisioning manager for images system edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "x7.1.1.0", }, { model: "project openssl 0.9.8u", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.1", }, { model: "cloud object store", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "contactoptimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "cognos tm1", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "project openssl 1.0.0a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, ], sources: [ { db: "BID", id: "71934", }, { db: "JVNDB", id: "JVNDB-2014-007389", }, { db: "NVD", id: "CVE-2014-3569", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-3569", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "130545", }, ], trust: 0.8, }, cve: "CVE-2014-3569", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2014-3569", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2014-3569", trust: 1.8, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2014-3569", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2014-3569", }, { db: "JVNDB", id: "JVNDB-2014-007389", }, { db: "NVD", id: "CVE-2014-3569", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. This vulnerability CVE-2014-3568 It became the problem after the correction. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. \n\nCVE-2014-3571\n\n Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw\n to mount a denial of service attack. \n\nCVE-2014-3572\n\n Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n OpenSSL client would accept a handshake using an ephemeral ECDH\n ciphersuite if the server key exchange message is omitted. \n\nCVE-2015-0204\n\n Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that\n an OpenSSL client will accept the use of an ephemeral RSA key in a\n non-export RSA key exchange ciphersuite, violating the TLS\n standard. \n\nCVE-2015-0206\n\n Chris Mueller discovered a memory leak in the dtls1_buffer_record\n function. \n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon. \n\nWe recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate's unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la\nng=en-us&cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX\n/uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ\n=kie8\n-----END PGP SIGNATURE-----\n. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant", sources: [ { db: "NVD", id: "CVE-2014-3569", }, { db: "JVNDB", id: "JVNDB-2014-007389", }, { db: "BID", id: "71934", }, { db: "VULMON", id: "CVE-2014-3569", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "129880", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "130545", }, ], trust: 2.88, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-3569", trust: 3.2, }, { db: "JUNIPER", id: "JSA10679", trust: 1.4, }, { db: "BID", id: "71934", trust: 1.4, }, { db: "MCAFEE", id: "SB10108", trust: 1.1, }, { db: "MCAFEE", id: "SB10102", trust: 1.1, }, { db: "SECTRACK", id: "1033378", trust: 1.1, }, { db: "JVN", id: "JVNVU98974537", trust: 0.8, }, { db: "JVN", id: "JVNVU91828320", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2014-007389", trust: 0.8, }, { db: "VULMON", id: "CVE-2014-3569", trust: 0.1, }, { db: "PACKETSTORM", id: "133318", trust: 0.1, }, { db: "PACKETSTORM", id: "133317", trust: 0.1, }, { db: "PACKETSTORM", id: "129880", trust: 0.1, }, { db: "PACKETSTORM", id: "131044", trust: 0.1, }, { db: "PACKETSTORM", id: "133316", trust: 0.1, }, { db: "PACKETSTORM", id: "137292", trust: 0.1, }, { db: "PACKETSTORM", id: "133325", trust: 0.1, }, { db: "PACKETSTORM", id: "132763", trust: 0.1, }, { db: "PACKETSTORM", id: "137201", trust: 0.1, }, { db: "PACKETSTORM", id: "130545", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2014-3569", }, { db: "BID", id: "71934", }, { db: "JVNDB", id: "JVNDB-2014-007389", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "129880", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "130545", }, { db: "NVD", id: "CVE-2014-3569", }, ], }, id: "VAR-201412-0519", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.396927715, }, last_update_date: "2024-07-23T19:45:35.004000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "#3571: Re: [PATCH] Segfault in 1.0.1j BIO_reset() compiled", trust: 1.6, url: "http://rt.openssl.org/ticket/display.html?id=3571&user=guest&pass=guest", }, { title: "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { title: "HT204659", trust: 0.8, url: "http://support.apple.com/en-us/ht204659", }, { title: "HT204659", trust: 0.8, url: "http://support.apple.com/ja-jp/ht204659", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { title: "HPSBMU03397", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { title: "HPSBMU03409", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { title: "HPSBHF03289", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { title: "HPSBMU03413", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { title: "HPSBOV03318", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=142895206924048&w=2", }, { title: "HPSBUX03162", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=142496179803395&w=2", }, { title: "HPSBMU03380", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { title: "HPSBUX03244 SSRT101885", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04556853", }, { title: "HPSBMU03396", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=144050205101530&w=2", }, { title: "HPSBMU03611", trust: 0.8, url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888", }, { title: "HPSBMU03612", trust: 0.8, url: "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { title: "NV15-017", trust: 0.8, url: "http://jpn.nec.com/security-info/secinfo/nv15-017.html", }, { title: "commit 392fa7a", trust: 0.8, url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=392fa7a952e97d82eac6958c81ed1e256e6b8ca5", }, { title: "commit b829247", trust: 0.8, url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b82924741b4bd590da890619be671f4635e46c2b", }, { title: "no-ssl3 configuration sets method to NULL (CVE-2014-3569)", trust: 0.8, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { title: "commit 6ce9687", trust: 0.8, url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d", }, { title: "Oracle Critical Patch Update Advisory - October 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { title: "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "Oracle Critical Patch Update Advisory - July 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html", }, { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Oracle Critical Patch Update Advisory - April 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { title: "Oracle Third Party Bulletin - January 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { title: "April 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update", }, { title: "October 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "July 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update", }, { title: "CVE-2014-3569", trust: 0.8, url: "https://security-tracker.debian.org/tracker/cve-2014-3569", }, { title: "CVE-2014-3569", trust: 0.8, url: "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3569.html", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html", }, { title: "TLSA-2015-2", trust: 0.8, url: "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html", }, { title: "株式会社バッファロー の告知ページ", trust: 0.8, url: "http://buffalo.jp/support_s/s20150327b.html", }, { title: "Red Hat: CVE-2014-3569", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2014-3569", }, { title: "Debian Security Advisories: DSA-3125-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a3210fee56d96657bbff4ad44c3d0807", }, { title: "Amazon Linux AMI: ALAS-2015-469", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-469", }, { title: "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=9281dc3b1a760e1cf2711cdf82cf64d7", }, { title: "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150310-ssl", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1", }, { title: "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=eb059834b7f24e2562bcf592b6d0afbc", }, { title: "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=21b119528a2fb8c78850a17027b71424", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3569", }, { db: "JVNDB", id: "JVNDB-2014-007389", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2014-007389", }, { db: "NVD", id: "CVE-2014-3569", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.4, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.4, url: "https://support.citrix.com/article/ctx216642", }, { trust: 1.4, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { trust: 1.1, url: "https://support.apple.com/ht204659", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142895206924048&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050205101530&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496179803395&w=2", }, { trust: 1.1, url: "https://bto.bluecoat.com/security-advisory/sa88", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { trust: 1.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1033378", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10108", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10102", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380", }, { trust: 1.1, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496289803847&w=2", }, { trust: 1.1, url: "http://www.debian.org/security/2015/dsa-3125", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/71934", }, { trust: 1.1, url: "https://security-tracker.debian.org/tracker/cve-2014-3569", }, { trust: 1.1, url: "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3569.html", }, { trust: 1.1, url: "http://rt.openssl.org/ticket/display.html?id=3571&user=guest&pass=guest", }, { trust: 1.1, url: "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=b82924741b4bd590da890619be671f4635e46c2b", }, { trust: 1.1, url: "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=6ce9687b5aba5391fc0de50e18779eb676d0e04d", }, { trust: 1.1, url: "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=392fa7a952e97d82eac6958c81ed1e256e6b8ca5", }, { trust: 1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.9, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu98974537/index.html", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu91828320/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3569", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.6, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.6, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.4, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.4, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/", }, { trust: 0.3, url: "http://openssl.org/", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699667", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/feb/160", }, { trust: 0.3, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679&cat=sirt_1&actp=list", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883857", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699271", }, { trust: 0.3, url: "https://www.openssl.org/news/vulnerabilities.html", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963783", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903299", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700275", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699938", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903784", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902374", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902694", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697291", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903726", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959633", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21694849", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698506", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699069", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0207", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0285", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0208", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3567", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3513", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0293", }, { trust: 0.2, url: "http://www.debian.org/security/", }, { trust: 0.2, url: "http://www.hpe.com/support/security_bulletin_archive", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1790", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0705", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1788", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1792", }, { trust: 0.2, url: "http://www.hpe.com/support/subscriber_choice", }, { trust: 0.2, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3195", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0799", }, { trust: 0.2, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1789", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1791", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7501", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2017", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-6565", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3568", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3508", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3194", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3509", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3511", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8142", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0231", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3523", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9653", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9705", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0232", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9427", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0273", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9652", }, { trust: 0.2, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3569", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=38390", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0291", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1787", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0290", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0292", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5432", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5433", }, { trust: 0.1, url: "http://www.debian.org/security/faq", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0160", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0076", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0198", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150319.txt", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5298", }, { trust: 0.1, url: "http://openssl.org/news/secadv_20150108.txt", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0224", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0221", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3470", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0195", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3566", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5409", }, { trust: 0.1, url: "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result&doc", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5412", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5413", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5410", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5411", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7995", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2007-6750", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8035", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3237", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2015", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0728", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7547", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-4969", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958", }, { trust: 0.1, url: "http://www.hpe.com/info/insightcontrol", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490&la", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-1692", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5107", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744", }, { trust: 0.1, url: "http://www.hp.com/go/smh", }, { trust: 0.1, url: "http://www.hpe.com/info/insightmanagement", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2019", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2020", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2018", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2022", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2027", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3555", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2026", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2021", }, { trust: 0.1, url: "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber", }, { trust: 0.1, url: "https://www.hp.com/go/swa", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3569", }, { db: "BID", id: "71934", }, { db: "JVNDB", id: "JVNDB-2014-007389", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "129880", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "130545", }, { db: "NVD", id: "CVE-2014-3569", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2014-3569", }, { db: "BID", id: "71934", }, { db: "JVNDB", id: "JVNDB-2014-007389", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "129880", }, { db: "PACKETSTORM", id: "131044", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "137292", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "PACKETSTORM", id: "137201", }, { db: "PACKETSTORM", id: "130545", }, { db: "NVD", id: "CVE-2014-3569", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2014-12-24T00:00:00", db: "VULMON", id: "CVE-2014-3569", }, { date: "2014-10-17T00:00:00", db: "BID", id: "71934", }, { date: "2014-12-25T00:00:00", db: "JVNDB", id: "JVNDB-2014-007389", }, { date: "2015-08-26T01:33:25", db: "PACKETSTORM", id: "133318", }, { date: "2015-08-26T01:33:18", db: "PACKETSTORM", id: "133317", }, { date: "2015-01-12T17:17:37", db: "PACKETSTORM", id: "129880", }, { date: "2015-03-27T20:42:44", db: "PACKETSTORM", id: "131044", }, { date: "2015-08-26T01:33:07", db: "PACKETSTORM", id: "133316", }, { date: "2016-06-02T19:12:12", db: "PACKETSTORM", id: "137292", }, { date: "2015-08-26T01:35:08", db: "PACKETSTORM", id: "133325", }, { date: "2015-07-21T13:37:51", db: "PACKETSTORM", id: "132763", }, { date: "2016-05-26T09:22:00", db: "PACKETSTORM", id: "137201", }, { date: "2015-02-26T17:13:09", db: "PACKETSTORM", id: "130545", }, { date: "2014-12-24T11:59:00.057000", db: "NVD", id: "CVE-2014-3569", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2014-3569", }, { date: "2017-01-23T00:09:00", db: "BID", id: "71934", }, { date: "2016-10-07T00:00:00", db: "JVNDB", id: "JVNDB-2014-007389", }, { date: "2023-11-07T02:20:13.593000", db: "NVD", id: "CVE-2014-3569", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "71934", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL of s23_srvr.c of ssl23_get_client_hello Service disruption in functions (DoS) Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2014-007389", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Design Error", sources: [ { db: "BID", id: "71934", }, ], trust: 0.3, }, }
var-201501-0434
Vulnerability from variot
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. OpenSSL is prone to an unspecified security weakness. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec
apache Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29 CVE-ID CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523
ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation. CVE-ID CVE-2015-1131 : Ian Beer of Google Project Zero CVE-2015-1132 : Ian Beer of Google Project Zero CVE-2015-1133 : Ian Beer of Google Project Zero CVE-2015-1134 : Ian Beer of Google Project Zero CVE-2015-1135 : Ian Beer of Google Project Zero
Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.
CFNetwork HTTPProtocol Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller
CFNetwork Session Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088 : Luigi Galli
CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management. CVE-ID CVE-2015-1136 : Apple
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld
Graphics Driver Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation. CVE-ID CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team
Hypervisor Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation. CVE-ID CVE-2015-1138 : Izik Eidus and Alex Fishman
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1139 : Apple
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system shutdown Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation. CVE-ID CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io
LaunchServices Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause the Finder to crash Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data. CVE-ID CVE-2015-1142
LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking. CVE-ID CVE-2015-1143 : Apple
libnetcore Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.
ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298
OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy
OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204
Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. CVE-ID CVE-2015-1147 : Apple
PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120
QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein
SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team
Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. CVE-ID CVE-2015-1148 : Apple
Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146
UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple
WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.
OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658
OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l +I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6 DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R 5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b 6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G vVE37tYUU4PnLfwlcazq =MOsT -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:01.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2015-01-14 Affects: All supported versions of FreeBSD. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. Problem Description
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. [CVE-2014-3571]
A memory leak can occur in the dtls1_buffer_record function under certain conditions. [CVE-2015-0206]
When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. [CVE-2014-3569] This does not affect FreeBSD's default build.
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. [CVE-2014-3572]
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. [CVE-2015-0204]
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-8275]
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. [CVE-2014-3570]
III. Impact
An attacker who can send a carefully crafted DTLS message can cause server daemons that uses OpenSSL to crash, resulting a Denial of Service. [CVE-2014-3571]
An attacker who can send repeated DTLS records with the same sequence number but for the next epoch can exhaust the server's memory and result in a Denial of Service. [CVE-2015-0206]
A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]
A server could present a weak temporary key and downgrade the security of the session. [CVE-2015-0204]
A client could authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205]
By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as described in .
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.1 (FreeBSD)
iQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB QCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q U7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL JSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR 4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY fIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3 DJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa xOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq aQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0 sJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp i5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J 6FLFZ38YkLcUIzW6I6Kc =ztFk -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Advisory ID: RHSA-2015:0849-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0849.html Issue date: 2015-04-16 CVE Names: CVE-2014-3570 CVE-2014-3586 CVE-2014-8111 CVE-2015-0204 CVE-2015-0226 CVE-2015-0227 CVE-2015-0277 =====================================================================
- Summary:
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2015-0226)
A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink. (CVE-2015-0277)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. (CVE-2015-0204)
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. (CVE-2014-3586)
The CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat.
This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes, linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.3 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for the update to take effect. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Bugs fixed (https://bugzilla.redhat.com/):
1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file 1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results 1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing 1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) 1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property 1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3586 https://access.redhat.com/security/cve/CVE-2014-8111 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0226 https://access.redhat.com/security/cve/CVE-2015-0227 https://access.redhat.com/security/cve/CVE-2015-0277 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=appplatform&version=6.4 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101934
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0434", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1j", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1.6, vendor: "openssl", version: "1.0.1e", }, { model: "powerlinux 7r2", scope: "eq", trust: 1.2, vendor: "ibm", version: "0", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.2.5", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0o", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "lte", trust: 1, vendor: "openssl", version: "0.9.8zc", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7200", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7700", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7800", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7100", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.1", }, { model: "sparc enterprise m3000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.3", }, { model: "ip38x/fw120", scope: "eq", trust: 0.8, vendor: "nec", version: "rev.11.03.08 before", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.9.5", }, { model: "sparc enterprise m5000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "tuning manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "software", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "agent 8.0", }, { model: "sparc enterprise m9000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.2", }, { model: "xcp", scope: "eq", trust: 0.8, vendor: "oracle", version: "2260", }, { model: "sparc enterprise m4000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 5.0", }, { model: "ip38x/sr100", scope: "eq", trust: 0.8, vendor: "nec", version: "all revisions", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.8.5", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.63", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle mobile security suite mss 3.0", }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "11.2", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.71", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "agent 8.0 2007 update release 2", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r3", }, { model: "ip38x/3000", scope: "eq", trust: 0.8, vendor: "nec", version: "all revisions", }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.0p", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r2", }, { model: "ip38x/58i", scope: "eq", trust: 0.8, vendor: "nec", version: "all revisions", }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "10", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "3.0", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.1", }, { model: "xcp", scope: "lt", trust: 0.8, vendor: "oracle", version: "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.0", }, { model: "ip38x/1200", scope: "eq", trust: 0.8, vendor: "nec", version: "all revisions", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.1", }, { model: "mysql", scope: "lte", trust: 0.8, vendor: "oracle", version: "5.6.22 and earlier", }, { model: "ip38x/3500", scope: "eq", trust: 0.8, vendor: "nec", version: "all revisions", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.4", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.4", }, { model: "ip38x/n500", scope: "eq", trust: 0.8, vendor: "nec", version: "all revisions", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r1", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.2", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 10.0", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.3", }, { model: "ip38x/1210", scope: "eq", trust: 0.8, vendor: "nec", version: "all revisions", }, { model: "xcp", scope: "eq", trust: 0.8, vendor: "oracle", version: "1120", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 5.1", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10 to 10.10.2", }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.1k", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "2.1", }, { model: "xcp", scope: "lt", trust: 0.8, vendor: "oracle", version: "(fujitsu m10-1/m10-4/m10-4s server )", }, { model: "sparc enterprise m8000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "ip38x/5000", scope: "eq", trust: 0.8, vendor: "nec", version: "all revisions", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 5.1", }, { model: "device manager", scope: "eq", trust: 0.8, vendor: "hitachi", version: "software", }, { model: "ip38x/810", scope: "eq", trust: 0.8, vendor: "nec", version: "rev.11.01.21 before", }, { model: "power", scope: "eq", trust: 0.6, vendor: "ibm", version: "7400", }, { model: "power express", scope: "eq", trust: 0.6, vendor: "ibm", version: "5200", }, { model: "paging server", scope: "eq", trust: 0.6, vendor: "cisco", version: "0", }, { model: "power", scope: "eq", trust: 0.6, vendor: "ibm", version: "5700", }, { model: "power", scope: "eq", trust: 0.6, vendor: "ibm", version: "7300", }, { model: "powerlinux 7r1", scope: "eq", trust: 0.6, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.6, vendor: "hp", version: "7.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.5", }, { model: "mate collector", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ata series analog terminal adaptor", scope: "eq", trust: 0.3, vendor: "cisco", version: "1900", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "7600", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.60", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.1", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "power system s822", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "30000", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.2", }, { model: "telepresence server on virtual machine", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "783.00", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5205635", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.6", }, { model: "upward integration modules scvmm add-in", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.80", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "flex system p270 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7954-24x)0", }, { model: "project openssl 0.9.8f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "6", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sbr carrier", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power systems e870", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22025850", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.4", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.50", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1.3", }, { model: "malware analysis appliance", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.1", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355042540", }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "90000", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79120", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "netezza platform software 7.0.4.7-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "project openssl 0.9.8u", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32400", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl b", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.2", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.1", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "85100", }, { model: "malware analysis appliance", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.2.2", }, { model: "packetshaper s-series", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "11.0", }, { model: "cms", scope: "eq", trust: 0.3, vendor: "avaya", version: "17.0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.2", }, { model: "x-series xos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "9.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "ip interoperability and collaboration system", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.0p", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3400", }, { model: "systems insight manager 7.3.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "flex system p260 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-23x)0", }, { model: "netezza platform software 7.2.0.4-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "hunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "junos os 13.3r6", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "tivoli netcool/reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.19", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "70104.1", }, { model: "proxyav", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.5", }, { model: "prime security manager 04.8 qa08", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.70", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.21", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.0", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "netezza platform software 7.0.2.16-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "cognos planning interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.4", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.2", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0-68", }, { model: "prime license manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355041980", }, { model: "power systems 350.c0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.842", }, { model: "workflow for bluemix", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "5750", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "app for netapp data ontap", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "flex system manager node types", scope: "eq", trust: 0.3, vendor: "ibm", version: "79550", }, { model: "filenet system monitor", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2-77", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "telepresence te software", scope: "eq", trust: 0.3, vendor: "cisco", version: "-0", }, { model: "linux enterprise software development kit sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073830", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.3", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "7", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.2.2.2", }, { model: "network configuration and change management service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "prime collaboration assurance", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "telepresence content server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37001.1", }, { model: "tandberg codian mse model", scope: "eq", trust: 0.3, vendor: "cisco", version: "83200", }, { model: "local collector appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2.8", }, { model: "power system s814", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "sterling connect:direct for hp nonstop", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310025820", }, { model: "cacheflow", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.2", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.21", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.4", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "flex system fabric cn4093 10gb converged scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.60", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.3", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.6.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "x-series xos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "10.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.40", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems 350.b1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.27", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.0", }, { model: "cognos planning interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.12", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087380", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.3", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems 350.e0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "sparc enterprise m5000", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "prime lan management solution", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.21", }, { model: "wide area application services", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "alienvault", scope: "ne", trust: 0.3, vendor: "alienvault", version: "4.15.1", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.96", }, { model: "flashsystem 9848-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "project openssl 1.0.1k", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50001.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "power systems 350.e1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "media services interface", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ctpview", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "netezza platform software 7.0.2.15-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6.156", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.00", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12", }, { model: "unified attendant console advanced", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.13", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.8", }, { model: "proactive network operations center", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.10", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12", }, { model: "system management homepage c", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "jabber for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4.1", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079450", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.5", }, { model: "enterprise content delivery service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.4(7.26)", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8.0.10", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "unified sip proxy", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.19", }, { model: "telepresence advanced media gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.4", }, { model: "unified attendant console premium edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32100", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4", }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "app for stream", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.1.2", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "power systems 350.a0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "malware analyzer g2", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.5", }, { model: "systems insight manager sp5", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.3", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.3", }, { model: "proxyav", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.1", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.1(5.106)", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.3", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bcaaa", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.1", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "upward integration modules for microsoft system center", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.1.8", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.1.8", }, { model: "jboss enterprise application platform", scope: "eq", trust: 0.3, vendor: "redhat", version: "6.3", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22079060", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "upward integration modules hardware management pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.4", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x638370", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88042590", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "wireless lan controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "upward integration modules integrated installer", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79180", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "13.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.68", }, { model: "content analysis system", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.00", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.02", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.102", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.4", }, { model: "anyres live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.4", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.22", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "application policy infrastructure controller 1.0", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "norman shark scada protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.3.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "820.03", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "unified attendant console business edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "nextscale nx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "54550", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.1", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5205577", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15-210", }, { model: "10g vfsm for bladecenter", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.6.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x571451.43", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32200", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365042550", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.9.1", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.3", }, { model: "jabber video for telepresence", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571910", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0-103", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12.201", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.16", }, { model: "proventia network enterprise scanner", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.95", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.4", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.11", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.1.3.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "prime collaboration deployment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.81", }, { model: "dx series ip phones", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0-95", }, { model: "virtualization experience media engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0", }, { model: "malware analysis appliance", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.2", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.8", }, { model: "security analytics platform", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "7.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.00", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "ace30 application control engine module 3.0 a5", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "junos os 12.3r10", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.45", }, { model: "unified computing system b-series servers", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "cacheflow", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "3.3", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079150", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571480", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.6", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.7", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.1", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2.127", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "jabber software development kit", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.50", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.0.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "cms r17 r4", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087220", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "proxysg sgos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.5", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073800", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.60", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "netezza platform software 7.1.0.4-p1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "powerlinux 7r4", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.1", }, { model: "norman shark network protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.3.2", }, { model: "proxysg sgos", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "6.5.6.2", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "flex system fabric si4093 system interconnect module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1-73", }, { model: "infosphere balanced warehouse c4000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "infosphere master data management patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "power systems 350.b0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system idataplex dx360 m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x63910", }, { model: "tivoli provisioning manager for images", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.0", }, { model: "sparc enterprise m4000", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "upward integration modules scvmm add-in", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.4", }, { model: "management center", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.2", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "identity service engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bcaaa", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.5", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "cms r17", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "integration bus", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "wag310g residential gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "power ese", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0-14", }, { model: "hunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.4", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571460", }, { model: "sametime community server hf1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x571431.43", }, { model: "as infinity", scope: "ne", trust: 0.3, vendor: "pexip", version: "8.1", }, { model: "cognos controller if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "820.02", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.00", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.5", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.11", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.1.7", }, { model: "project openssl 1.0.0o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3.1.7", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli workload scheduler for applications fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2", }, { model: "linux enterprise server for vmware sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux enterprise server sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "email security appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.6", }, { model: "application policy infrastructure controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.1(0.625)", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "agent desktop", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.0(2)", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88079030", }, { model: "upward integration modules for vmware vsphere", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.3", }, { model: "sametime community server limited use", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "flex system p260 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-22x)0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087370", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571470", }, { model: "snapdrive for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.2", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "onepk all-in-one vm", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "jabber voice for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "netezza platform software 7.0.4.8-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3", }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12.1", }, { model: "idp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "52056340", }, { model: "ctpos 7.0r4", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "unified attendant console department edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "system management homepage a", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11.197", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "prime data center network manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.3", }, { model: "power system s824l", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15210", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "network performance analytics", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.64", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365041990", }, { model: "system m4 hd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054600", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "flex system interconnect fabric", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.80", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.30", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.0", }, { model: "infosphere master data management provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "hunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.2", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.116", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "power express", scope: "eq", trust: 0.3, vendor: "ibm", version: "560", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "10g vfsm for bladecenter", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "norman shark industrial control system protection", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "5.3.2", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "power 795", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "junos space", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.740", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "flex system fabric si4093 system interconnect module", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "70000", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "management center", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.3", }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "systems insight manager update", scope: "eq", trust: 0.3, vendor: "hp", version: "5.31", }, { model: "ddos secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.6", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.51", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3204.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "flashsystem 9846-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "60000", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x571430", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system idataplex dx360 m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x73210", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.21", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "cms r17 r3", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22279160", }, { model: "1:10g switch for bladecenter", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.4.10.0", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power system s822l", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571450", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5504667", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.10", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5205587", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "malware analysis appliance", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.1.1", }, { model: "project openssl 0.9.8zd", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "system idataplex dx360 m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x63800", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "ringmaster appliance", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.60", }, { model: "director", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "5", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.19", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.5", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "ctpview 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.1", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "cognos controller interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.0.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.13", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.41", }, { model: "flex system fabric cn4093 10gb converged scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "unified ip conference phone", scope: "eq", trust: 0.3, vendor: "cisco", version: "88310", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bladecenter js22", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7998-61x)0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "clustered data ontap", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "project openssl a", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "vgw", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3.0.5", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.6", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.20", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "infosphere balanced warehouse c3000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "project openssl c", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.32", }, { model: "1:10g switch for bladecenter", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "system m4 bd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054660", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.19", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.15", }, { model: "upward integration modules hardware management pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "openssh for gpfs", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "src series", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "telepresence supervisor mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "80500", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079460", }, { model: "iptv", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "packetshaper s-series", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "11.2", }, { model: "upward integration modules integrated installer", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.12", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.1.8", }, { model: "linux enterprise desktop sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325025830", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.213", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2.106", }, { model: "web security appliance 9.0.0 -fcs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "systems insight manager sp3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079440", }, { model: "bladecenter js23", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7778-23x)0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "enterprise content management system monitor", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "42000", }, { model: "hosted collaboration mediation fulfillment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "mint", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "application networking manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage 7.3.2.1", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "socialminer", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "3", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571920", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14.20", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.760", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "video surveillance media server", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.7", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "84200", }, { model: "physical access gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "20500", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.5", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079470", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "52056330", }, { model: "x-series xos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "9.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571490", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3", }, { model: "1:10g switch for bladecenter", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4.80", }, { model: "telepresence video communication server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.3", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "bladecenter js43 with feature code", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7778-23x8446)0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.1", }, { model: "telepresence sx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "security analytics platform", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.6", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.51", }, { model: "enterprise content management system monitor", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x330073820", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "project openssl d", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "meetingplace", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "2", }, { model: "power system s824", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "ctp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "websphere message broker", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "flex system fabric cn4093 10gb converged scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "7500", }, { model: "packetshaper s-series", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "11.1", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.0.2", }, { model: "sparc enterprise m3000", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1.730", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363071580", }, { model: "power systems e880", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "management center", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.0", }, { model: "proxysg sgos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.5", }, { model: "ctpos 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "35000", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "flex system p460 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-42x)0", }, { model: "content analysis system", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.1", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.5", }, { model: "expressway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.5", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "57100", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.801", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.10", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8734-", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3.0.5", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.20", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3000", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.12", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.3", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "mobile wireless transport manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli workload scheduler distributed fp07", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "mate design", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24078630", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.61", }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.143", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087330", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.20", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24089560", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.90", }, { model: "powervu d9190 conditional access manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.02", }, { model: "bladecenter js12 express", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7998-60x)0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.1", }, { model: "project openssl 1.0.1j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "jboss enterprise application platform", scope: "ne", trust: 0.3, vendor: "redhat", version: "6.4", }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.1.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.3", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "tivoli workload scheduler for applications fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.132", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.7", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x353071600", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.0(4.29)", }, { model: "flashsystem 9840-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0", }, { model: "mate live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.12", }, { model: "telepresence integrator c series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3.0.5", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0-12", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.50", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "mobile security suite mss", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1.104", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.6", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.7", }, { model: "nsm", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.20", }, { model: "cognos controller if3", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.10", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.11", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.6", }, { model: "flex system p24l compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "power system s812l", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.10", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.2", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.1", }, { model: "prime collaboration provisioning", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "pulse secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "5", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087180", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8731-", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "datapower gateway", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.11", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79130", }, { model: "systems insight manager sp6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1.73", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "45000", }, { model: "telepresence isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32410", }, { model: "project openssl 0.9.8zc", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310054570", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "783.01", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.3", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3104.1", }, { model: "telepresence ex series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1", }, { model: "system idataplex dx360 m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x73230", }, { model: "management center", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "1.1", }, { model: "webex meetings for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0", }, { model: "norman shark scada protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363073770", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.10", }, { model: "flex system interconnect fabric", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1841", }, { model: "sterling connect:direct for hp nonstop", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.3", }, { model: "cognos controller fp1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "project openssl 1.0.0h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.3", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.2(3.1)", }, { model: "netezza platform software 7.1.0.5-p3", scope: "ne", trust: 0.3, vendor: "ibm", version: null, }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.4", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.179", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "cms r16", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "junos os", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079140", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.20", }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "netezza platform software", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "x-series xos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "9.6", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15", }, { model: "project openssl e", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.01", }, { model: "power systems 350.d0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087520", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.40", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.2", }, { model: "vds service broker", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence conductor", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "74.90", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "norman shark network protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "d9036 modular encoding platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "video surveillance 4300e/4500e high-definition ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.5", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "director", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.40", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x638370", }, { model: "flex system p260 compute node /fc efd9", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "6", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.2", }, { model: "app for vmware", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "5950", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "junos os 12.3x48-d10", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.2", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "snapdrive for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "10500", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.0.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "one-x client enablement services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "malware analyzer g2", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "4.1", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054540", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "video surveillance ptz ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "anyconnect secure mobility client for ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "004.000(1233)", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.2.10", }, { model: "telepresence serial gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.841", }, { model: "sparc enterprise m8000", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.3", }, { model: "sterling connect:direct for hp nonstop", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "ctpos 6.6r5", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "proxysg sgos", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "6.2", }, { model: "cloud", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "webex meetings server 2.5mr2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "junos os 13.2r8", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.103", }, { model: "open systems snapvault", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.3", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.01", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9", }, { model: "norman shark industrial control system protection", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "5.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.52", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "unified attendant console enterprise edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power express", scope: "eq", trust: 0.3, vendor: "ibm", version: "550", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350078390", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "management center", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "1.3.2.1", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5504965", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.7", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "87104.1", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "53000", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.3.0", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "security access manager for mobile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "flex system fabric si4093 system interconnect module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.60", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.0.121", }, { model: "ios 15.5 s", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2", }, { model: "prime performance manager for sps ppm sp1", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "telepresence mx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "session border controller for enterprise", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.0", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.70", }, { model: "content analysis system", scope: "ne", trust: 0.3, vendor: "bluecoat", version: "1.2.3.1", }, { model: "telepresence isdn gw mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "83210", }, { model: "ucs central", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence profile series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.6", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.31", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x44079170", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1", }, { model: "unified communications domain manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.1.2", }, { model: "flex system p460 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-43x)0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "emergency responder", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.8", }, { model: "sparc enterprise m9000", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79190", }, { model: "im and presence service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.750", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3.0.5", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "nac guest server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325054580", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.8", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.00", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli provisioning manager for images system edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "x7.1.1.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "security analytics platform", scope: "eq", trust: 0.3, vendor: "bluecoat", version: "7.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.1", }, { model: "cloud object store", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "project openssl 1.0.0a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, ], sources: [ { db: "BID", id: "71939", }, { db: "JVNDB", id: "JVNDB-2014-007551", }, { db: "CNNVD", id: "CNNVD-201501-160", }, { db: "NVD", id: "CVE-2014-3570", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.9.8zc", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-3570", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, ], trust: 0.6, }, cve: "CVE-2014-3570", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: true, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2014-3570", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2014-3570", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201501-160", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2014-3570", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2014-3570", }, { db: "JVNDB", id: "JVNDB-2014-007551", }, { db: "CNNVD", id: "CNNVD-201501-160", }, { db: "NVD", id: "CVE-2014-3570", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. OpenSSL is prone to an unspecified security weakness. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A process may gain admin privileges without properly\nauthenticating\nDescription: An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Cookies belonging to one origin may be sent to another\norigin\nDescription: A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Authentication credentials may be sent to a server on\nanother origin\nDescription: A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A NULL pointer dereference existed in NVIDIA graphics\ndriver's handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local application may be able to cause a denial of service\nDescription: An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A malicious HID device may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in IOHIDFamily's\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily's\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A user may be able to execute arbitrary code with system\nprivileges\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system shutdown\nDescription: An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. \nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause a system denial of service\nDescription: A race condition existed in the kernel's setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription: setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription: ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto cause a denial of service\nDescription: A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to bypass network filters\nDescription: The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause the Finder to crash\nDescription: An input validation issue existed in LaunchServices's\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue existed in LaunchServices's\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription: A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may brute force ntpd authentication keys\nDescription: The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote unauthenticated client may be able to cause a\ndenial of service\nDescription: Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. \nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription: If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription: A heap buffer overflow existed in SceneKit's handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to arbitrary code execution. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A user's password may be logged to a local file\nDescription: In some circumstances, Screen Sharing may log a user's\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Tampered applications may not be prevented from launching\nDescription: Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in WebKit. This\nissues was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple's Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\nvVE37tYUU4PnLfwlcazq\n=MOsT\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:01.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-01-14\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit <URL:https://security.FreeBSD.org/>. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. Problem Description\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL\ndue to a NULL pointer dereference. [CVE-2014-3571]\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. [CVE-2015-0206]\n\nWhen OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. [CVE-2014-3569] This does not affect\nFreeBSD's default build. \n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH\nciphersuite using an ECDSA certificate if the server key exchange message\nis omitted. [CVE-2014-3572]\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. [CVE-2015-0204]\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. [CVE-2015-0205]\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. [CVE-2014-8275]\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. [CVE-2014-3570]\n\nIII. Impact\n\nAn attacker who can send a carefully crafted DTLS message can cause server\ndaemons that uses OpenSSL to crash, resulting a Denial of Service. \n[CVE-2014-3571]\n\nAn attacker who can send repeated DTLS records with the same sequence number\nbut for the next epoch can exhaust the server's memory and result in a Denial of\nService. [CVE-2015-0206]\n\nA server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]\n\nA server could present a weak temporary key and downgrade the security of\nthe session. [CVE-2015-0204]\n\nA client could authenticate without the use of a private key. This only\naffects servers which trust a client certificate authority which issues\ncertificates containing DH keys, which is extremely rare. [CVE-2015-0205]\n\nBy modifying the contents of the signature algorithm or the encoding of\nthe signature, it is possible to change the certificate's fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch < /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>\n\nVII. References\n\n<URL:https://www.openssl.org/news/secadv_20150108.txt>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205>\n\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206>\n\nThe latest revision of this advisory is available at\n<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:01.openssl.asc>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.1 (FreeBSD)\n\niQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB\nQCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q\nU7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL\nJSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR\n4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY\nfIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3\nDJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa\nxOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq\naQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0\nsJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp\ni5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J\n6FLFZ38YkLcUIzW6I6Kc\n=ztFk\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update\nAdvisory ID: RHSA-2015:0849-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0849.html\nIssue date: 2015-04-16\nCVE Names: CVE-2014-3570 CVE-2014-3586 CVE-2014-8111 \n CVE-2015-0204 CVE-2015-0226 CVE-2015-0227 \n CVE-2015-0277 \n=====================================================================\n\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4.0, and fix multiple security issues, several bugs, and add various\nenhancements, are now available from the Red Hat Customer Portal. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nIt was found that a prior countermeasure in Apache WSS4J for\nBleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an\nexception that permitted an attacker to determine the failure of the\nattempted attack, thereby leaving WSS4J vulnerable to the attack. \nThe original flaw allowed a remote attacker to recover the entire plain\ntext form of a symmetric key. (CVE-2015-0226)\n\nA flaw was found in the way PicketLink's Service Provider and Identity\nProvider handled certain requests. A remote attacker could use this flaw to\nlog to a victim's account via PicketLink. (CVE-2015-0277)\n\nIt was discovered that a JkUnmount rule for a subtree of a previous JkMount\nrule could be ignored. This could allow a remote attacker to potentially\naccess a private artifact in a tree that would otherwise not be accessible\nto them. (CVE-2015-0204)\n\nIt was found that Apache WSS4J permitted bypass of the\nrequireSignedEncryptedDataElements configuration property via XML Signature\nwrapping attacks. A remote attacker could use this flaw to modify the\ncontents of a signed request. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was found that the Command Line Interface, as provided by Red Hat\nEnterprise Application Platform, created a history file named\n.jboss-cli-history in the user's home directory with insecure default file\npermissions. This could allow a malicious local user to gain information\notherwise not accessible to them. (CVE-2014-3586)\n\nThe CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat. \n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. Documentation for these changes will be available\nshortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes,\nlinked to in the References. \n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3 as provided\nfrom the Red Hat Customer Portal are advised to apply this update. \nThe JBoss server process must be restarted for the update to take effect. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file\n1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing\n1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)\n1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property\n1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3586\nhttps://access.redhat.com/security/cve/CVE-2014-8111\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0226\nhttps://access.redhat.com/security/cve/CVE-2015-0227\nhttps://access.redhat.com/security/cve/CVE-2015-0277\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=appplatform&version=6.4\nhttps://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/\n\n6. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n\nReferences:\n\n CVE-2014-8275 Cryptographic Issues (CWE-310)\n CVE-2014-3569 Remote Denial of Service (DoS)\n CVE-2014-3570 Cryptographic Issues (CWE-310)\n CVE-2014-3571 Remote Denial of Service (DoS)\n CVE-2014-3572 Cryptographic Issues (CWE-310)\n CVE-2015-0204 Cryptographic Issues (CWE-310)\n SSRT101934\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n - HP SSL for OpenVMS website:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n - HP Support Center website:\n\n https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n Note: Login using your HP Passport account. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la\nng=en-us&cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners", sources: [ { db: "NVD", id: "CVE-2014-3570", }, { db: "JVNDB", id: "JVNDB-2014-007551", }, { db: "BID", id: "71939", }, { db: "VULMON", id: "CVE-2014-3570", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131359", }, { db: "PACKETSTORM", id: "129973", }, { db: "PACKETSTORM", id: "131471", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, ], trust: 2.79, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-3570", trust: 3.7, }, { db: "JUNIPER", id: "JSA10679", trust: 1.4, }, { db: "BID", id: "71939", trust: 1.4, }, { db: "MCAFEE", id: "SB10102", trust: 1.1, }, { db: "MCAFEE", id: "SB10108", trust: 1.1, }, { db: "SECTRACK", id: "1033378", trust: 1.1, }, { db: "JVN", id: "JVNVU91828320", trust: 0.8, }, { db: "JVN", id: "JVNVU98974537", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2014-007551", trust: 0.8, }, { db: "AUSCERT", id: "ESB-2022.0696", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.2148", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.4252", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201501-160", trust: 0.6, }, { db: "VULMON", id: "CVE-2014-3570", trust: 0.1, }, { db: "PACKETSTORM", id: "133318", trust: 0.1, }, { db: "PACKETSTORM", id: "131359", trust: 0.1, }, { db: "PACKETSTORM", id: "129973", trust: 0.1, }, { db: "PACKETSTORM", id: "131471", trust: 0.1, }, { db: "PACKETSTORM", id: "133316", trust: 0.1, }, { db: "PACKETSTORM", id: "130987", trust: 0.1, }, { db: "PACKETSTORM", id: "131408", trust: 0.1, }, { db: "PACKETSTORM", id: "133325", trust: 0.1, }, { db: "PACKETSTORM", id: "132763", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2014-3570", }, { db: "BID", id: "71939", }, { db: "JVNDB", id: "JVNDB-2014-007551", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131359", }, { db: "PACKETSTORM", id: "129973", }, { db: "PACKETSTORM", id: "131471", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "CNNVD", id: "CNNVD-201501-160", }, { db: "NVD", id: "CVE-2014-3570", }, ], }, id: "VAR-201501-0434", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.36198661599999993, }, last_update_date: "2024-06-14T21:15:22.926000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { title: "HT204659", trust: 0.8, url: "http://support.apple.com/en-us/ht204659", }, { title: "HT204659", trust: 0.8, url: "http://support.apple.com/ja-jp/ht204659", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { title: "Fix for CVE-2014-3570 (with minor bn_asm.c revamp).", trust: 0.8, url: "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0", }, { title: "HS15-031", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-031/index.html", }, { title: "HPSBUX03244 SSRT101885", trust: 0.8, url: "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c04556853", }, { title: "HPSBGN03299", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=142720981827617&w=2", }, { title: "HPSBHF03289", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { title: "NV15-017", trust: 0.8, url: "http://jpn.nec.com/security-info/secinfo/nv15-017.html", }, { title: "Bignum squaring may produce incorrect results (CVE-2014-3570)", trust: 0.8, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { title: "Oracle Critical Patch Update Advisory - July 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html", }, { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Oracle Critical Patch Update Advisory - April 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html", }, { title: "Oracle Critical Patch Update Advisory - October 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html", }, { title: "Oracle Third Party Bulletin - January 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { title: "RHSA-2015:0066", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { title: "RHSA-2015:0849 ", trust: 0.8, url: "http://rhn.redhat.com/errata/rhsa-2015-0849.html", }, { title: "July 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "April 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update", }, { title: "October 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html", }, { title: "HS15-031", trust: 0.8, url: "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-031/index.html", }, { title: "株式会社バッファロー の告知ページ", trust: 0.8, url: "http://buffalo.jp/support_s/s20150327b.html", }, { title: "TLSA-2015-2", trust: 0.8, url: "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html", }, { title: "openssl-1.0.0p", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190", }, { title: "openssl-0.9.8zd", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189", }, { title: "openssl-1.0.1k.tar.gz", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191", }, { title: "Red Hat: Moderate: openssl security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20150066 - security advisory", }, { title: "Red Hat: CVE-2014-3570", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2014-3570", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2459-1", }, { title: "Debian Security Advisories: DSA-3125-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a3210fee56d96657bbff4ad44c3d0807", }, { title: "Tenable Security Advisories: [R7] OpenSSL '20150108' Advisory Affects Tenable Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2015-03", }, { title: "Amazon Linux AMI: ALAS-2015-469", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-469", }, { title: "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b7f5b1e7edcafce07f28205855d4db49", }, { title: "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=9281dc3b1a760e1cf2711cdf82cf64d7", }, { title: "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aa5ab46566482c02434bb8cf65c9614e", }, { title: "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150310-ssl", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165", }, { title: "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=21b119528a2fb8c78850a17027b71424", }, { title: "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=eb059834b7f24e2562bcf592b6d0afbc", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3570", }, { db: "JVNDB", id: "JVNDB-2014-007551", }, { db: "CNNVD", id: "CNNVD-201501-160", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-310", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2014-007551", }, { db: "NVD", id: "CVE-2014-3570", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.5, url: "http://rhn.redhat.com/errata/rhsa-2015-0849.html", }, { trust: 1.4, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { trust: 1.4, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.4, url: "https://bto.bluecoat.com/security-advisory/sa88", }, { trust: 1.4, url: "https://support.citrix.com/article/ctx216642", }, { trust: 1.1, url: "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html", }, { trust: 1.1, url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/71939", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019", }, { trust: 1.1, url: "http://www.debian.org/security/2015/dsa-3125", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496289803847&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142720981827617&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { trust: 1.1, url: "https://support.apple.com/ht204659", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142895206924048&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050205101530&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496179803395&w=2", }, { trust: 1.1, url: "http://rhn.redhat.com/errata/rhsa-2016-1650.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { trust: 1.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1033378", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10108", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10102", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu91828320/index.html", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98974537/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3570", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.6, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.6, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.0696", }, { trust: 0.6, url: "http://www.ibm.com/support/docview.wss?uid=ibm10887855", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.2148/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.4252/", }, { trust: 0.4, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169", }, { trust: 0.3, url: "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf", }, { trust: 0.3, url: "http://openssl.org/", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699883", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/feb/160", }, { trust: 0.3, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679&cat=sirt_1&actp=list", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101010784", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698818", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883857", }, { trust: 0.3, url: "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699271", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101008182", }, { trust: 0.3, url: "https://www.openssl.org/news/vulnerabilities.html", }, { trust: 0.3, url: "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963783", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903299", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700275", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699938", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883287", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902694", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902277", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21697291", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699235", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903726", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21697162", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700411", }, { trust: 0.3, url: "www-01.ibm.com/support/docview.wss?uid=swg21700028", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695985", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701453", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21959002", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21694849", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699052", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698506", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699810", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699069", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0207", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0285", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0208", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3523", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.3, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2014-3570", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0287", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0289", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8142", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0231", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9653", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9705", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0232", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9427", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0273", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9652", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/310.html", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=36959", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/2459-1/", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0291", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1787", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0290", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0292", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0293", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0118", }, { trust: 0.1, url: "https://www.frida.re", }, { trust: 0.1, url: "https://support.apple.com/en-us/ht204658", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-6438", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3487", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3597", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3670", }, { trust: 0.1, url: "http://support.apple.com/kb/ht1222", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0238", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-2497", }, { trust: 0.1, url: "http://www.apple.com/support/downloads/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3587", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0237", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3669", }, { trust: 0.1, url: "https://support.apple.com/en-", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0098", }, { trust: 0.1, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3538", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0117", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3480", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3668", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0207", }, { trust: 0.1, url: "http://gpgtools.org", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-5704", }, { trust: 0.1, url: "http://dtorres.me)", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3479", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3478", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-6712", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205>", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch", }, { trust: 0.1, url: "https://svnweb.freebsd.org/base?view=revision&revision=nnnnnn>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571>", }, { trust: 0.1, url: "https://www.openssl.org/news/secadv_20150108.txt>", }, { trust: 0.1, url: "https://security.freebsd.org/>.", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275>", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569>", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570>", }, { trust: 0.1, url: "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc>", }, { trust: 0.1, url: "https://www.freebsd.org/handbook/makeworld.html>.", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204>", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0204", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3586", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0277", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0277", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0226", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-8111", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8111", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3586", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=appplatform&version=6.4", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0227", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0227", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0226", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5409", }, { trust: 0.1, url: "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result&doc", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5412", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5413", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5410", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5411", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0235", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "https://h20566.www2.hp.com/portal/site/hpsc/patch/home", }, { trust: 0.1, url: "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490&la", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-1692", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5107", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744", }, { trust: 0.1, url: "http://www.hp.com/go/smh", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3570", }, { db: "BID", id: "71939", }, { db: "JVNDB", id: "JVNDB-2014-007551", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131359", }, { db: "PACKETSTORM", id: "129973", }, { db: "PACKETSTORM", id: "131471", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "CNNVD", id: "CNNVD-201501-160", }, { db: "NVD", id: "CVE-2014-3570", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2014-3570", }, { db: "BID", id: "71939", }, { db: "JVNDB", id: "JVNDB-2014-007551", }, { db: "PACKETSTORM", id: "133318", }, { db: "PACKETSTORM", id: "131359", }, { db: "PACKETSTORM", id: "129973", }, { db: "PACKETSTORM", id: "131471", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "131408", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "132763", }, { db: "CNNVD", id: "CNNVD-201501-160", }, { db: "NVD", id: "CVE-2014-3570", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-01-09T00:00:00", db: "VULMON", id: "CVE-2014-3570", }, { date: "2015-01-08T00:00:00", db: "BID", id: "71939", }, { date: "2015-01-13T00:00:00", db: "JVNDB", id: "JVNDB-2014-007551", }, { date: "2015-08-26T01:33:25", db: "PACKETSTORM", id: "133318", }, { date: "2015-04-09T16:30:50", db: "PACKETSTORM", id: "131359", }, { date: "2015-01-15T16:53:07", db: "PACKETSTORM", id: "129973", }, { date: "2015-04-17T06:44:37", db: "PACKETSTORM", id: "131471", }, { date: "2015-08-26T01:33:07", db: "PACKETSTORM", id: "133316", }, { date: "2015-03-24T17:05:09", db: "PACKETSTORM", id: "130987", }, { date: "2015-04-14T18:54:44", db: "PACKETSTORM", id: "131408", }, { date: "2015-08-26T01:35:08", db: "PACKETSTORM", id: "133325", }, { date: "2015-07-21T13:37:51", db: "PACKETSTORM", id: "132763", }, { date: "2015-01-09T00:00:00", db: "CNNVD", id: "CNNVD-201501-160", }, { date: "2015-01-09T02:59:00.053000", db: "NVD", id: "CVE-2014-3570", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-11-15T00:00:00", db: "VULMON", id: "CVE-2014-3570", }, { date: "2017-01-23T00:09:00", db: "BID", id: "71939", }, { date: "2016-08-09T00:00:00", db: "JVNDB", id: "JVNDB-2014-007551", }, { date: "2022-02-18T00:00:00", db: "CNNVD", id: "CNNVD-201501-160", }, { date: "2017-11-15T02:29:05.220000", db: "NVD", id: "CVE-2014-3570", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "131471", }, { db: "PACKETSTORM", id: "131408", }, { db: "CNNVD", id: "CNNVD-201501-160", }, ], trust: 0.8, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL of BN_sqr Vulnerability that breaks cryptographic protection mechanisms", sources: [ { db: "JVNDB", id: "JVNDB-2014-007551", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "encryption problem", sources: [ { db: "CNNVD", id: "CNNVD-201501-160", }, ], trust: 0.6, }, }
var-201501-0436
Vulnerability from variot
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04604357
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04604357 Version: 1
HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-03-19 Last Updated: 2015-03-19
Potential Security Impact: Remote disclosure of information, unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:
The SSL vulnerability known as "FREAK", which could be exploited remotely to allow disclosure of information. Other vulnerabilities which could be exploited remotely resulting in unauthorized access.
References:
CVE-2014-3570 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 SSRT101987
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. CVE-2014-3572 and CVE-2015-0204
HP IceWall MCRP Version 2.1 and 3.0
HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0
HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version
10.0 HP IceWall Federation Agent Version 3.0
CVE-2014-3570 and CVE-2014-8275
HP IceWall MCRP v2.1, v3.0
HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0
HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software updates and workaround instructions to resolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please switch to the OpenSSL library bundled with the OS, and then follow the instructions in step 3.
Documents are available at the following location with instructions to
switch to the OS bundled OpenSSL library:
http://www.hp.com/jp/icewall_patchaccess
2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,
and SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please download the updated OpenSSL at the following location:
http://www.hp.com/jp/icewall_patchaccess
3. For HP IceWall products running on RHEL and are using the OS bundled
OpenSSL, RHEL has provided patch or mitigation instructions at the following location:
https://access.redhat.com/articles/1369543
Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch
for OpenSSL from the following location:
https://access.redhat.com/security/cve/CVE-2014-8275
4. For IceWall products running on HP-UX which are using the OS bundled
OpenSSL, please apply the HP-UX OpenSSL update from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ
ctNumber=OPENSSL11I
WORKAROUND INSTRUCTIONS
HP recommends the following information to protect against potential risk from CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products.
HP IceWall SSO Dfw and MCRP
- If possible, do not use the SHOST setting which allows IceWall SSO
Dfw or MCRP to use SSL/TLS protocol to back-end web servers.
- If possible, do not use EXPORT-grade ciphers on the back-end web
servers.
HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch
release 2)
- If possible, do not use the LDAPSSL setting which allows IceWall SSO
Certd to connect to the LDAP server using SSL/TLS protocol.
- If possible, do not use EXPORT-grade ciphers on the LDAP server.
IceWall Federation Agent
- If possible, use "bindings:HTTP-POST" instead of
"bindings:HTTP-Artifact" setting in the service provider meta file. The "bindings:HTTP-POST" setting would disable IWFA to use SSL for communicating with IdP server.
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 19 March 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins. OpenSSL Security Advisory [08 Jan 2015] =======================================
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:
) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0436", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "powerlinux 7r2", scope: "eq", trust: 1.2, vendor: "ibm", version: "0", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 1.1, vendor: "oracle", version: "7.2.5", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0m", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0n", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0o", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0g", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0b", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1e", }, { model: "openssl", scope: "lte", trust: 1, vendor: "openssl", version: "0.9.8zc", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1h", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1j", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1a", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0f", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0e", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0c", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1d", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.1i", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0l", }, { model: "openssl", scope: "eq", trust: 1, vendor: "openssl", version: "1.0.0k", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7200", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7700", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7800", }, { model: "power", scope: "eq", trust: 0.9, vendor: "ibm", version: "7100", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.1", }, { model: "sparc enterprise m3000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.3", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.9.5", }, { model: "sparc enterprise m5000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "agent 8.0", }, { model: "sparc enterprise m9000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.2", }, { model: "xcp", scope: "eq", trust: 0.8, vendor: "oracle", version: "2260", }, { model: "sparc enterprise m4000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 5.0", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.8.5", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.63", }, { model: "fusion middleware", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle mobile security suite mss 3.0", }, { model: "solaris", scope: "eq", trust: 0.8, vendor: "oracle", version: "11.2", }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 4.71", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "agent 8.0 2007 update release 2", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r3", }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.0p", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r2", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "3.0", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.1", }, { model: "xcp", scope: "lt", trust: 0.8, vendor: "oracle", version: "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )", }, { model: "openssl", scope: "lt", trust: 0.8, vendor: "openssl", version: "1.0.0", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.1", }, { model: "mysql", scope: "lte", trust: 0.8, vendor: "oracle", version: "5.6.22 and earlier", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.4", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.4", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 8.0 r1", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(arm) 4.2", }, { model: "hp icewall sso", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "dfw 10.0", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 4.3", }, { model: "xcp", scope: "eq", trust: 0.8, vendor: "oracle", version: "1120", }, { model: "hp thinpro linux", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "(x86) 5.1", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10 to 10.10.2", }, { model: "openssl", scope: "eq", trust: 0.8, vendor: "openssl", version: "1.0.1k", }, { model: "hp icewall mcrp", scope: "eq", trust: 0.8, vendor: "hewlett packard", version: "2.1", }, { model: "xcp", scope: "lt", trust: 0.8, vendor: "oracle", version: "(fujitsu m10-1/m10-4/m10-4s server )", }, { model: "sparc enterprise m8000 server", scope: null, trust: 0.8, vendor: "oracle", version: null, }, { model: "virtualization", scope: "eq", trust: 0.8, vendor: "oracle", version: "of oracle secure global desktop 5.1", }, { model: "power", scope: "eq", trust: 0.6, vendor: "ibm", version: "7400", }, { model: "power express", scope: "eq", trust: 0.6, vendor: "ibm", version: "5200", }, { model: "paging server", scope: "eq", trust: 0.6, vendor: "cisco", version: "0", }, { model: "power", scope: "eq", trust: 0.6, vendor: "ibm", version: "5700", }, { model: "power", scope: "eq", trust: 0.6, vendor: "ibm", version: "7300", }, { model: "powerlinux 7r1", scope: "eq", trust: 0.6, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.6, vendor: "hp", version: "7.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70001.1", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.5", }, { model: "mate collector", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ata series analog terminal adaptor", scope: "eq", trust: 0.3, vendor: "cisco", version: "1900", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "7600", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.60", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.1", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "power system s822", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "bladecenter advanced management module 25r5778", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "30000", }, { model: "telepresence server on virtual machine", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "1948", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "783.00", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5205635", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.6", }, { model: "upward integration modules scvmm add-in", scope: "ne", trust: 0.3, vendor: "ibm", version: "1.0.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.80", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "flex system p270 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7954-24x)0", }, { model: "project openssl 0.9.8f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "6", }, { model: "power systems e870", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "sbr carrier", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22025850", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.4", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.50", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1.3", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "project openssl 1.0.0d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355042540", }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "90000", }, { model: "project openssl 1.0.1e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79120", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "project openssl 0.9.8u", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32400", }, { model: "project openssl 1.0.1a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl b", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "85100", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2", }, { model: "ip interoperability and collaboration system", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl k", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.0p", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3400", }, { model: "systems insight manager 7.3.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "flex system p260 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-23x)0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.0.0", }, { model: "project openssl 1.0.0g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "hunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "junos os 13.3r6", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "tivoli netcool/reporter", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.19", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "70104.1", }, { model: "prime security manager 04.8 qa08", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.70", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.21", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.7", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "cognos planning interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.4", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.2", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.3", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.1", }, { model: "project openssl 0.9.8zb", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0-68", }, { model: "prime license manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "splunk", scope: "ne", trust: 0.3, vendor: "splunk", version: "6.1.7", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355041980", }, { model: "power systems 350.c0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.842", }, { model: "workflow for bluemix", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "5750", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "app for netapp data ontap", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "flex system manager node types", scope: "eq", trust: 0.3, vendor: "ibm", version: "79550", }, { model: "filenet system monitor", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2-77", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "telepresence te software", scope: "eq", trust: 0.3, vendor: "cisco", version: "-0", }, { model: "linux enterprise software development kit sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.9.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073830", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "7", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.2.2.2", }, { model: "network configuration and change management service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "prime collaboration assurance", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "telepresence content server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37001.1", }, { model: "tandberg codian mse model", scope: "eq", trust: 0.3, vendor: "cisco", version: "83200", }, { model: "local collector appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.2.8", }, { model: "power system s814", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "project openssl 0.9.8w", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310025820", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.21", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.4", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.2", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "flex system fabric cn4093 10gb converged scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.60", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.3", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.6.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.40", }, { model: "project openssl 1.0.0m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems 350.b1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.27", }, { model: "cognos planning interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.12", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087380", }, { model: "project openssl 1.0.1g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems 350.e0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "project openssl 0.9.8m", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "prime lan management solution", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2", }, { model: "project openssl j", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.21", }, { model: "wide area application services", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "alienvault", scope: "ne", trust: 0.3, vendor: "alienvault", version: "4.15.1", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "splunk", scope: "ne", trust: 0.3, vendor: "splunk", version: "5.0.12", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.96", }, { model: "flashsystem 9848-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "project openssl 1.0.1k", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50001.1", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8720", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1.2", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "power systems 350.e1", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "media services interface", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "ctpview", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6.156", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.00", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "project openssl 1.0.1i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12", }, { model: "unified attendant console advanced", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.13", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.8", }, { model: "proactive network operations center", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.6", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4.6", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.10", }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12", }, { model: "system management homepage c", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "jabber for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4.1", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079450", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.5", }, { model: "enterprise content delivery service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.4(7.26)", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.8.0.10", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "8886", }, { model: "unified sip proxy", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.19", }, { model: "telepresence advanced media gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1.4", }, { model: "unified attendant console premium edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32100", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "tivoli workload scheduler distributed fp03", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4", }, { model: "project openssl 0.9.8r", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "app for stream", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.1.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "power systems 350.a0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "project openssl 0.9.8n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.1", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.6", }, { model: "systems insight manager sp5", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.3", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.1", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.1(5.106)", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.3", }, { model: "project openssl 0.9.8y", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "upward integration modules for microsoft system center", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.1.8", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "5.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.4.1.8", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22079060", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "upward integration modules hardware management pack", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.4", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3850x638370", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88042590", }, { model: "project openssl 1.0.0l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "wireless lan controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "upward integration modules integrated installer", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "7967", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79180", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.11", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.9", }, { model: "opensuse", scope: "eq", trust: 0.3, vendor: "s u s e", version: "13.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.68", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.00", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.02", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.102", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.4", }, { model: "anyres live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.4", }, { model: "project openssl 0.9.8p", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.22", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "application policy infrastructure controller 1.0", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "820.03", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "8852", }, { model: "unified attendant console business edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "nextscale nx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "54550", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8750", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5.1", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5205577", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15-210", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x571451.43", }, { model: "tandberg codian isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32200", }, { model: "10g vfsm for bladecenter", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.6.0", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365042550", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.7", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.9.1", }, { model: "jabber video for telepresence", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571910", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0-103", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.12.201", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.16", }, { model: "proventia network enterprise scanner", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.95", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.4", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.11", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.1.3.3", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "prime collaboration deployment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.81", }, { model: "dx series ip phones", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0-95", }, { model: "virtualization experience media engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.6", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0", }, { model: "project openssl 0.9.8za", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2.0.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.00", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "ace30 application control engine module 3.0 a5", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "junos os 12.3r10", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "unified computing system b-series servers", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8q", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0.11", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.96", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079150", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571480", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.6", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.6", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.7", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.1", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.2.127", }, { model: "jabber software development kit", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.50", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.8", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.2", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "5.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "firesight system software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.4.0.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "cms r17 r4", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087220", }, { model: "project openssl 1.0.1c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.4", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350073800", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.60", }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "1881", }, { model: "powerlinux 7r4", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8v", }, { model: "flex system fabric si4093 system interconnect module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "project openssl 1.0.1f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1-73", }, { model: "infosphere balanced warehouse c4000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "infosphere master data management patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.4.1", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.780", }, { model: "power systems 350.b0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "system idataplex dx360 m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x63910", }, { model: "tivoli provisioning manager for images", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.0", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0.1", }, { model: "upward integration modules scvmm add-in", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.4", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.5", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.0.0", }, { model: "identity service engine", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 0.9.8g", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "cms r17", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "virtual connect enterprise manager sdk", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.0.0", }, { model: "wag310g residential gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "power ese", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.0-14", }, { model: "hunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.4", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571460", }, { model: "sametime community server hf1", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x571431.43", }, { model: "as infinity", scope: "ne", trust: 0.3, vendor: "pexip", version: "8.1", }, { model: "cognos controller if1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1.1.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "820.02", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.2", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.00", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.11", }, { model: "project openssl 1.0.0o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.3.1.7", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "tivoli workload scheduler for applications fp02", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2", }, { model: "linux enterprise server for vmware sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux enterprise server sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "email security appliance", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.6", }, { model: "application policy infrastructure controller", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.1(0.625)", }, { model: "bladecenter -s", scope: "eq", trust: 0.3, vendor: "ibm", version: "7779", }, { model: "agent desktop", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.0(2)", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x88079030", }, { model: "upward integration modules for vmware vsphere", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.3", }, { model: "sametime community server limited use", scope: "eq", trust: 0.3, vendor: "ibm", version: "9", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0.870", }, { model: "flex system p260 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-22x)0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24087370", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571470", }, { model: "snapdrive for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.2", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2.77", }, { model: "onepk all-in-one vm", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "jabber voice for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.10", }, { model: "hp-ux b.11.11", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.12.1", }, { model: "idp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "52056340", }, { model: "ctpos 7.0r4", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "aura conferencing", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "unified attendant console department edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0.840", }, { model: "system management homepage a", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11.197", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "prime data center network manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.3", }, { model: "power system s824l", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.15210", }, { model: "network performance analytics", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "splunk", scope: "ne", trust: 0.3, vendor: "splunk", version: "6.0.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.64", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365041990", }, { model: "system m4 hd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054600", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.0", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.1", }, { model: "flex system interconnect fabric", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.80", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.30", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.0", }, { model: "infosphere master data management provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "hunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.2", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.116", }, { model: "rational software architect for websphere software", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "power express", scope: "eq", trust: 0.3, vendor: "ibm", version: "560", }, { model: "project openssl 0.9.8l", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "10g vfsm for bladecenter", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "version control repository manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "power 795", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "junos space", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.740", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1", }, { model: "flex system fabric si4093 system interconnect module", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "70000", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "project openssl h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "systems insight manager update", scope: "eq", trust: 0.3, vendor: "hp", version: "5.31", }, { model: "ddos secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system management homepage 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.6", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.51", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3204.1", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "flashsystem 9846-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "v840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "video surveillance series ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "60000", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x571430", }, { model: "project openssl i", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "system idataplex dx360 m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x73210", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.21", }, { model: "one-x client enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "cms r17 r3", scope: null, trust: 0.3, vendor: "avaya", version: null, }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x22279160", }, { model: "1:10g switch for bladecenter", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.4.10.0", }, { model: "project openssl 1.0.0i", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power system s822l", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571450", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5504667", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4.1", }, { model: "hp-ux b.11.23", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.10", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5205587", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "project openssl 0.9.8zd", scope: "ne", trust: 0.3, vendor: "openssl", version: null, }, { model: "system idataplex dx360 m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x63800", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.1", }, { model: "ringmaster appliance", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.60", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "5", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.2", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.19", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.5", }, { model: "ctpview 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.1", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.2", }, { model: "cognos controller interim fix", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.0.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.13", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.41", }, { model: "flex system fabric cn4093 10gb converged scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0", }, { model: "flex system en2092 1gb ethernet scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "unified ip conference phone", scope: "eq", trust: 0.3, vendor: "cisco", version: "88310", }, { model: "project openssl 1.0.0e", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "bladecenter js22", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7998-61x)0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "clustered data ontap", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1.0.1", }, { model: "project openssl a", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "vgw", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3.0.5", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.6", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.20", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "infosphere balanced warehouse c3000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3", }, { model: "project openssl c", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.32", }, { model: "1:10g switch for bladecenter", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "2.0", }, { model: "system m4 bd type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054660", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "system management homepage", scope: "ne", trust: 0.3, vendor: "hp", version: "7.5", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8x", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4.19", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.15", }, { model: "upward integration modules hardware management pack", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "openssh for gpfs", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5", }, { model: "src series", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "telepresence supervisor mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "80500", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079460", }, { model: "iptv", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "upward integration modules integrated installer", scope: "ne", trust: 0.3, vendor: "ibm", version: "5.5.3", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.12", }, { model: "linux enterprise desktop sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.11", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325025830", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "ns oncommand core package", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "project openssl 0.9.8t", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2.106", }, { model: "web security appliance 9.0.0 -fcs", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.0", }, { model: "systems insight manager sp3", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079440", }, { model: "bladecenter js23", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7778-23x)0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.1.830", }, { model: "service delivery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "enterprise content management system monitor", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "42000", }, { model: "hosted collaboration mediation fulfillment", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "mint", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "application networking manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system management homepage 7.3.2.1", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "socialminer", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "3", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571920", }, { model: "project openssl 1.0.0c", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.14.20", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.760", }, { model: "aura collaboration environment", scope: "eq", trust: 0.3, vendor: "avaya", version: "3.0", }, { model: "video surveillance media server", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.7", }, { model: "data ontap smi-s agent", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "84200", }, { model: "physical access gateway", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "20500", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0.5", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365079470", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "52056330", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.4", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3690x571490", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3", }, { model: "1:10g switch for bladecenter", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4.80", }, { model: "telepresence video communication server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "prime network registrar", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.3", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "bladecenter js43 with feature code", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7778-23x8446)0", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "telepresence sx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.51", }, { model: "enterprise content management system monitor", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "system management homepage b", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.186", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.04", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x330073820", }, { model: "cognos planning", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "project openssl 1.0.0f", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "project openssl d", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "meetingplace", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "2", }, { model: "power system s824", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "ctp", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "flex system fabric cn4093 10gb converged scalable switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "7500", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.0.2", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1.730", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363071580", }, { model: "power systems e880", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "ctpos 7.1r1", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.2.0.5", }, { model: "project openssl 1.0.0j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "nexus series switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "35000", }, { model: "project openssl 1.0.0b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "flex system p460 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-42x)0", }, { model: "initiate master data service patient hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "enterprise", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.5", }, { model: "expressway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.5", }, { model: "bladecenter t advanced management module 32r0835", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "57100", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.801", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70006.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.10", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8734-", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.3.0.5", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.20", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.11", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.0.820", }, { model: "systems insight manager sp2", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.2", }, { model: "edge digital media player", scope: "eq", trust: 0.3, vendor: "cisco", version: "3000", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.3", }, { model: "mobile wireless transport manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli workload scheduler distributed fp07", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.2", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.6", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.1.1", }, { model: "project openssl", scope: "eq", trust: 0.3, vendor: "openssl", version: "1.0.1", }, { model: "mate design", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.0", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24078630", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.61", }, { model: "hp-ux b.11.31", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.143", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087330", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.20", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x24089560", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.90", }, { model: "powervu d9190 conditional access manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.02", }, { model: "bladecenter js12 express", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7998-60x)0", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.1", }, { model: "project openssl 1.0.1j", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.2", }, { model: "project openssl f", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "bladecenter -t", scope: "eq", trust: 0.3, vendor: "ibm", version: "8730", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.1", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.4", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4.1.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.3", }, { model: "data ontap operating in 7-mode", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "tivoli workload scheduler for applications fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3.132", }, { model: "enterprise", scope: "ne", trust: 0.3, vendor: "splunk", version: "6.2.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.7", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x353071600", }, { model: "adaptive security appliance software", scope: "eq", trust: 0.3, vendor: "cisco", version: "9.0(4.29)", }, { model: "flashsystem 9840-ae1", scope: "eq", trust: 0.3, vendor: "ibm", version: "840", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2", }, { model: "upward integration modules for microsoft system center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.5", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3.0", }, { model: "mate live", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence integrator c series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.3.0.5", }, { model: "project openssl 1.0.1d", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0-12", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.50", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "7989", }, { model: "mobile security suite mss", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "rational software architect", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.1.104", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.6", }, { model: "tivoli workload scheduler distributed fp05", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1.0.7", }, { model: "nsm", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.20", }, { model: "cognos controller if3", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.10", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.11", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.6", }, { model: "flex system p24l compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1.0", }, { model: "bladecenter -ht", scope: "eq", trust: 0.3, vendor: "ibm", version: "8740", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0.860", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.4", }, { model: "power system s812l", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.10", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.2", }, { model: "flex system fabric en4093r 10gb scalable switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.4.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.1", }, { model: "prime collaboration provisioning", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "pulse secure", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "5", }, { model: "initiate master data service provider hub", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.5", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087180", }, { model: "flex system manager node", scope: "eq", trust: 0.3, vendor: "ibm", version: "8731-", }, { model: "websphere mq", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.5", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.1.2", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5.146", }, { model: "idataplex dx360 m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79130", }, { model: "systems insight manager sp6", scope: "eq", trust: 0.3, vendor: "hp", version: "5.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0.1.73", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "4", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "45000", }, { model: "telepresence isdn gw", scope: "eq", trust: 0.3, vendor: "cisco", version: "32410", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0", }, { model: "project openssl 0.9.8zc", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0n", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x310054570", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.0", }, { model: "infosphere master data management", scope: "ne", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.5", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "783.01", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.3", }, { model: "telepresence server on multiparty media", scope: "eq", trust: 0.3, vendor: "cisco", version: "3104.1", }, { model: "telepresence ex series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1", }, { model: "system idataplex dx360 m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x73230", }, { model: "webex meetings for android", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.3.1", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x363073770", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.10", }, { model: "flex system interconnect fabric", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.8.10.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.4", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1841", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.3", }, { model: "cognos controller fp1", scope: "ne", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.4", }, { model: "tivoli workload scheduler for applications", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "virtual connect enterprise manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1", }, { model: "project openssl 1.0.0h", scope: "eq", trust: 0.3, vendor: "openssl", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.3", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)4.4", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "initiate master data service", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.3", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "systems insight manager sp1", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.8.179", }, { model: "as infinity", scope: "eq", trust: 0.3, vendor: "pexip", version: "8", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.2", }, { model: "junos os", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x355079140", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.20", }, { model: "project openssl 0.9.8o", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "alienvault", scope: "eq", trust: 0.3, vendor: "alienvault", version: "4.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "project openssl e", scope: "eq", trust: 0.3, vendor: "openssl", version: "0.9.8", }, { model: "project openssl 1.0.1b", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0k", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "810.01", }, { model: "power systems 350.d0", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "bladecenter -h", scope: "eq", trust: 0.3, vendor: "ibm", version: "1886", }, { model: "system m4 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x375087520", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.40", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.2", }, { model: "vds service broker", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence conductor", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "74.90", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.4", }, { model: "d9036 modular encoding platform", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "video surveillance 4300e/4500e high-definition ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.5", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "4.2", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.40", }, { model: "system type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x3950x638370", }, { model: "flex system p260 compute node /fc efd9", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "sametime", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.2.0", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "6", }, { model: "tivoli workload scheduler distributed fp01", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50006.2", }, { model: "app for vmware", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "power", scope: "eq", trust: 0.3, vendor: "ibm", version: "5950", }, { model: "ip office server edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "sterling connect:express for unix", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.5.0", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "cognos business intelligence server", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "junos os 12.3x48-d10", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "bladecenter -e", scope: "eq", trust: 0.3, vendor: "ibm", version: "8677", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.2", }, { model: "cognos controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "snapdrive for windows", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "10500", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.0.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "one-x client enablement services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "system m3 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x365054540", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "video surveillance ptz ip cameras", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "anyconnect secure mobility client for ios", scope: "eq", trust: 0.3, vendor: "cisco", version: "004.000(1233)", }, { model: "project openssl 0.9.8s", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.2.2.835", }, { model: "real-time compression appliance", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1.2.10", }, { model: "telepresence serial gateway series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.841", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35006.3", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.1.0.7", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "ctpos 6.6r5", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "cloud", scope: "eq", trust: 0.3, vendor: "splunk", version: "0", }, { model: "webex meetings server 2.5mr2", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "junos os 13.2r8", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37006.3", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "6.1.0.103", }, { model: "open systems snapvault", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "4.3", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.3", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "6.0.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.2.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "780.01", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "740.52", }, { model: "tivoli common reporting", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1.1", }, { model: "unified attendant console enterprise edition", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "power express", scope: "eq", trust: 0.3, vendor: "ibm", version: "550", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "system m2 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x350078390", }, { model: "tivoli provisioning manager for os deployment", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "power express f/c", scope: "eq", trust: 0.3, vendor: "ibm", version: "5504965", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "3.2.7", }, { model: "telepresence server", scope: "eq", trust: 0.3, vendor: "cisco", version: "87104.1", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "9.0", }, { model: "telepresence mcu", scope: "eq", trust: 0.3, vendor: "cisco", version: "53000", }, { model: "clustered data ontap antivirus connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1", }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.3", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.3.0", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.0.121", }, { model: "flex system fabric si4093 system interconnect module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.8.60", }, { model: "ios 15.5 s", scope: null, trust: 0.3, vendor: "cisco", version: null, }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.8", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.0.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.1.0.7", }, { model: "prime performance manager for sps ppm sp1", scope: "eq", trust: 0.3, vendor: "cisco", version: "1.6", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3", }, { model: "telepresence mx series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "session border controller for enterprise", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.3.0", }, { model: "tivoli workload scheduler distributed fp04", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.7.770", }, { model: "insight orchestration", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "350.70", }, { model: "telepresence isdn gw mse", scope: "eq", trust: 0.3, vendor: "cisco", version: "83210", }, { model: "ucs central", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "telepresence profile series", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "splunk", scope: "eq", trust: 0.3, vendor: "splunk", version: "5.0.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.1.0.6", }, { model: "san volume controller", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v37007.1", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.31", }, { model: "flex system compute node type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x44079170", }, { model: "system management homepage", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.1", }, { model: "unified communications domain manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "10.1.2", }, { model: "flex system p460 compute node", scope: "eq", trust: 0.3, vendor: "ibm", version: "(7895-43x)0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "systems insight manager 7.4.0a", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "systems insight manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.2", }, { model: "emergency responder", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v35007.2.0.8", }, { model: "dx360 m4 water cooled type", scope: "eq", trust: 0.3, vendor: "ibm", version: "79190", }, { model: "im and presence service", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.4.750", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v50007.3.0.5", }, { model: "upward integration modules for vmware vsphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.5.1", }, { model: "nac guest server", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "system m5 type", scope: "eq", trust: 0.3, vendor: "ibm", version: "x325054580", }, { model: "storwize", scope: "eq", trust: 0.3, vendor: "ibm", version: "v70007.2.0.8", }, { model: "power systems", scope: "eq", trust: 0.3, vendor: "ibm", version: "770.00", }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.3.4", }, { model: "tivoli provisioning manager for images system edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "x7.1.1.0", }, { model: "version control agent", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.10.800", }, { model: "thinpro linux", scope: "eq", trust: 0.3, vendor: "hp", version: "(x86)5.1", }, { model: "cloud object store", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, { model: "project openssl 1.0.1h", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "project openssl 1.0.0a", scope: null, trust: 0.3, vendor: "openssl", version: null, }, { model: "version control repository manager", scope: "eq", trust: 0.3, vendor: "hp", version: "2.1.9.790", }, ], sources: [ { db: "BID", id: "71942", }, { db: "JVNDB", id: "JVNDB-2014-007553", }, { db: "NVD", id: "CVE-2014-3572", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "0.9.8zc", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-3572", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "HP", sources: [ { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130985", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "133325", }, ], trust: 0.5, }, cve: "CVE-2014-3572", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2014-3572", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2014-3572", trust: 1.8, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2014-3572", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2014-3572", }, { db: "JVNDB", id: "JVNDB-2014-007553", }, { db: "NVD", id: "CVE-2014-3572", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04604357\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04604357\nVersion: 1\n\nHPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent\nrunning OpenSSL, Remote Disclosure of Information, Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-19\nLast Updated: 2015-03-19\n\nPotential Security Impact: Remote disclosure of information, unauthorized\naccess\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP IceWall SSO\nDfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:\n\nThe SSL vulnerability known as \"FREAK\", which could be exploited remotely to\nallow disclosure of information. \nOther vulnerabilities which could be exploited remotely resulting in\nunauthorized access. \n\nReferences:\n\nCVE-2014-3570\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nSSRT101987\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n CVE-2014-3572 and CVE-2015-0204\n\n HP IceWall MCRP Version 2.1 and 3.0\n HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0\n HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version\n10.0\n HP IceWall Federation Agent Version 3.0\n\n CVE-2014-3570 and CVE-2014-8275\n\n HP IceWall MCRP v2.1, v3.0\n HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0\n HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\n HP recommends the following software updates and workaround instructions to\nresolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and\nFederation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could\nbe using either the OS bundled OpenSSL library or the OpenSSL bundled with HP\nIceWall. If still using the OpenSSL bundled with HP IceWall, please switch to\nthe OpenSSL library bundled with the OS, and then follow the instructions in\nstep 3. \n\n Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,\nand SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please\ndownload the updated OpenSSL at the following location:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 3. For HP IceWall products running on RHEL and are using the OS bundled\nOpenSSL, RHEL has provided patch or mitigation instructions at the following\nlocation:\n\n https://access.redhat.com/articles/1369543\n\n Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch\nfor OpenSSL from the following location:\n\n https://access.redhat.com/security/cve/CVE-2014-8275\n\n 4. For IceWall products running on HP-UX which are using the OS bundled\nOpenSSL, please apply the HP-UX OpenSSL update from the following location:\n\n https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ\nctNumber=OPENSSL11I\n\nWORKAROUND INSTRUCTIONS\n\n HP recommends the following information to protect against potential risk\nfrom CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products. \n\n HP IceWall SSO Dfw and MCRP\n\n - If possible, do not use the SHOST setting which allows IceWall SSO\nDfw or MCRP to use SSL/TLS protocol to back-end web servers. \n\n - If possible, do not use EXPORT-grade ciphers on the back-end web\nservers. \n\n HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch\nrelease 2)\n\n - If possible, do not use the LDAPSSL setting which allows IceWall SSO\nCertd to connect to the LDAP server using SSL/TLS protocol. \n\n - If possible, do not use EXPORT-grade ciphers on the LDAP server. \n\n IceWall Federation Agent\n\n - If possible, use \"bindings:HTTP-POST\" instead of\n\"bindings:HTTP-Artifact\" setting in the service provider meta file. The\n\"bindings:HTTP-POST\" setting would disable IWFA to use SSL for communicating\nwith IdP server. \n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 19 March 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. OpenSSL Security Advisory [08 Jan 2015]\n=======================================\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n===========================================================\n\nSeverity: Moderate\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of\nCisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL\ncore team. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also\nprovided an initial patch. Further analysis was performed by Matt Caswell of the\nOpenSSL development team, who also developed the final patch. \n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n=========================================================\n\nSeverity: Low\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The\nfix was developed by Kurt Roeckx. \n\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n==========================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite\nusing an ECDSA certificate if the server key exchange message is omitted. This\neffectively removes forward secrecy from the ciphersuite. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n==============================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n=============================================================================\n\nSeverity: Low\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n========================================================\n\nSeverity: Low\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate's fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and\n0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nOne variant of this issue was discovered by Antti Karjalainen and\nTuomo Untinen from the Codenomicon CROSS program and reported to\nOpenSSL on 1st December 2014 by NCSC-FI Vulnerability\nCo-ordination. Another variant was independently reported to OpenSSL\non 12th December 2014 by Konrad Kraszewski from Google. Further\nanalysis was conducted and fixes were developed by Stephen Henson of\nthe OpenSSL core team. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille\n(Blockstream) who also suggested an initial fix. Further analysis was\nconducted by the OpenSSL development team and Adam Langley of\nGoogle. The final fix was developed by Andy Polyakov of the OpenSSL\ncore team. \n\n[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf\n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150108.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", sources: [ { db: "NVD", id: "CVE-2014-3572", }, { db: "JVNDB", id: "JVNDB-2014-007553", }, { db: "BID", id: "71942", }, { db: "VULMON", id: "CVE-2014-3572", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130985", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "129867", }, { db: "PACKETSTORM", id: "130051", }, ], trust: 2.7, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-3572", trust: 3, }, { db: "JUNIPER", id: "JSA10679", trust: 1.4, }, { db: "BID", id: "71942", trust: 1.4, }, { db: "MCAFEE", id: "SB10102", trust: 1.1, }, { db: "MCAFEE", id: "SB10108", trust: 1.1, }, { db: "SECTRACK", id: "1033378", trust: 1.1, }, { db: "JVN", id: "JVNVU98974537", trust: 0.8, }, { db: "JVN", id: "JVNVU91828320", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2014-007553", trust: 0.8, }, { db: "VULMON", id: "CVE-2014-3572", trust: 0.1, }, { db: "PACKETSTORM", id: "133317", trust: 0.1, }, { db: "PACKETSTORM", id: "130985", trust: 0.1, }, { db: "PACKETSTORM", id: "133316", trust: 0.1, }, { db: "PACKETSTORM", id: "130987", trust: 0.1, }, { db: "PACKETSTORM", id: "129870", trust: 0.1, }, { db: "PACKETSTORM", id: "133325", trust: 0.1, }, { db: "PACKETSTORM", id: "129867", trust: 0.1, }, { db: "PACKETSTORM", id: "130051", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2014-3572", }, { db: "BID", id: "71942", }, { db: "JVNDB", id: "JVNDB-2014-007553", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130985", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "129867", }, { db: "PACKETSTORM", id: "130051", }, { db: "NVD", id: "CVE-2014-3572", }, ], }, id: "VAR-201501-0436", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.36198661599999993, }, last_update_date: "2024-07-23T21:40:45.003000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { title: "HT204659", trust: 0.8, url: "https://support.apple.com/en-us/ht204659", }, { title: "HT204659", trust: 0.8, url: "https://support.apple.com/ja-jp/ht204659", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { title: "ECDH downgrade bug fix.", trust: 0.8, url: "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63", }, { title: "HPSBUX03244 SSRT101885", trust: 0.8, url: "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04556853&lang=en&cc=us", }, { title: "HPSBGN03299", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=142720981827617&w=2", }, { title: "HPSBHF03289", trust: 0.8, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { title: "NV15-017", trust: 0.8, url: "http://jpn.nec.com/security-info/secinfo/nv15-017.html", }, { title: "ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)", trust: 0.8, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "Oracle Critical Patch Update Advisory - July 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html", }, { title: "Oracle Critical Patch Update Advisory - April 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { title: "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html", }, { title: "Oracle Critical Patch Update Advisory - October 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html", }, { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Oracle Third Party Bulletin - January 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { title: "RHSA-2015:0066", trust: 0.8, url: "https://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "July 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update", }, { title: "April 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update", }, { title: "October 2015 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update", }, { title: "cisco-sa-20150310-ssl", trust: 0.8, url: "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html", }, { title: "TLSA-2015-2", trust: 0.8, url: "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html", }, { title: "株式会社バッファロー の告知ページ", trust: 0.8, url: "http://buffalo.jp/support_s/s20150327b.html", }, { title: "Red Hat: Moderate: openssl security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20150066 - security advisory", }, { title: "Red Hat: CVE-2014-3572", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2014-3572", }, { title: "Ubuntu Security Notice: openssl vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2459-1", }, { title: "Debian Security Advisories: DSA-3125-1 openssl -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a3210fee56d96657bbff4ad44c3d0807", }, { title: "Amazon Linux AMI: ALAS-2015-469", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2015-469", }, { title: "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=e17c368f43499efc420edc223af663db", }, { title: "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=9281dc3b1a760e1cf2711cdf82cf64d7", }, { title: "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aa5ab46566482c02434bb8cf65c9614e", }, { title: "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20150310-ssl", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4b527561ba1a5de7a529c8a93679f585", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eaf98750f1130c39e83765575c69e165", }, { title: "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=d9c34d2680d213e5c9dae973a42328f1", }, { title: "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=eb059834b7f24e2562bcf592b6d0afbc", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=21b119528a2fb8c78850a17027b71424", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, { title: "JPN_RIC13351-2", trust: 0.1, url: "https://github.com/neominds/jpn_ric13351-2 ", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3572", }, { db: "JVNDB", id: "JVNDB-2014-007553", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-310", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2014-007553", }, { db: "NVD", id: "CVE-2014-3572", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://www.openssl.org/news/secadv_20150108.txt", }, { trust: 1.4, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.4, url: "https://support.citrix.com/article/ctx216642", }, { trust: 1.2, url: "http://rhn.redhat.com/errata/rhsa-2015-0066.html", }, { trust: 1.1, url: "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/71942", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019", }, { trust: 1.1, url: "http://www.debian.org/security/2015/dsa-3125", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496289803847&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142720981827617&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142721102728110&w=2", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", }, { trust: 1.1, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062", }, { trust: 1.1, url: "https://support.apple.com/ht204659", }, { trust: 1.1, url: "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050297101809&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050254401665&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=143748090628601&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050155601375&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142895206924048&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=144050205101530&w=2", }, { trust: 1.1, url: "http://marc.info/?l=bugtraq&m=142496179803395&w=2", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", }, { trust: 1.1, url: "https://bto.bluecoat.com/security-advisory/sa88", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", }, { trust: 1.1, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1033378", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10108", }, { trust: 1.1, url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10102", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 0.9, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu98974537/index.html", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu91828320/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3572", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3572", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0204", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3570", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8275", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0205", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3571", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0206", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3569", }, { trust: 0.5, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.5, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.4, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169", }, { trust: 0.3, url: "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanv8#announce1", }, { trust: 0.3, url: "http://openssl.org/", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699883", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699667", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/feb/160", }, { trust: 0.3, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10679&cat=sirt_1&actp=list", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490", }, { trust: 0.3, url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21698818", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883857", }, { trust: 0.3, url: "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699271", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/101008182", }, { trust: 0.3, url: "https://www.openssl.org/news/vulnerabilities.html", }, { trust: 0.3, url: "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21963783", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903299", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21700275", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699938", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21883287", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21902694", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21903726", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21697162", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150", }, { trust: 0.3, url: "http://www.splunk.com/view/sp-caaanxd", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695985", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21701453", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21694849", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699052", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699810", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21699069", }, { trust: 0.3, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2014-3572", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0209", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0286", }, { trust: 0.2, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2014-8275", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/310.html", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2015:0066", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/2459-1/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0288", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5432", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5433", }, { trust: 0.1, url: "http://www.hp.com/jp/icewall_patchaccess", }, { trust: 0.1, url: "https://access.redhat.com/articles/1369543", }, { trust: 0.1, url: "https://h20392.www2.hp.com/portal/swdepot/displayinstallinfo.do?produ", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5409", }, { trust: 0.1, url: "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result&doc", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5412", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5413", }, { trust: 0.1, url: "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5410", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5411", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0235", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe", }, { trust: 0.1, url: "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0207", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8142", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0231", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3523", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0285", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9653", }, { trust: 0.1, url: "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490&la", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9705", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0232", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-1692", }, { trust: 0.1, url: "http://www.hp.com/go/insightupdates", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-0248", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9427", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0208", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0273", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2010-5107", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9652", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744", }, { trust: 0.1, url: "https://www.openssl.org/about/releasestrat.html),", }, { trust: 0.1, url: "https://www.openssl.org/about/secpolicy.html", }, { trust: 0.1, url: "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0204", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0206", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0205", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3571", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-3570", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, ], sources: [ { db: "VULMON", id: "CVE-2014-3572", }, { db: "BID", id: "71942", }, { db: "JVNDB", id: "JVNDB-2014-007553", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130985", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "129867", }, { db: "PACKETSTORM", id: "130051", }, { db: "NVD", id: "CVE-2014-3572", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2014-3572", }, { db: "BID", id: "71942", }, { db: "JVNDB", id: "JVNDB-2014-007553", }, { db: "PACKETSTORM", id: "133317", }, { db: "PACKETSTORM", id: "130985", }, { db: "PACKETSTORM", id: "133316", }, { db: "PACKETSTORM", id: "130987", }, { db: "PACKETSTORM", id: "129870", }, { db: "PACKETSTORM", id: "133325", }, { db: "PACKETSTORM", id: "129867", }, { db: "PACKETSTORM", id: "130051", }, { db: "NVD", id: "CVE-2014-3572", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-01-09T00:00:00", db: "VULMON", id: "CVE-2014-3572", }, { date: "2015-01-08T00:00:00", db: "BID", id: "71942", }, { date: "2015-01-13T00:00:00", db: "JVNDB", id: "JVNDB-2014-007553", }, { date: "2015-08-26T01:33:18", db: "PACKETSTORM", id: "133317", }, { date: "2015-03-24T17:03:36", db: "PACKETSTORM", id: "130985", }, { date: "2015-08-26T01:33:07", db: "PACKETSTORM", id: "133316", }, { date: "2015-03-24T17:05:09", db: "PACKETSTORM", id: "130987", }, { date: "2015-01-09T17:43:35", db: "PACKETSTORM", id: "129870", }, { date: "2015-08-26T01:35:08", db: "PACKETSTORM", id: "133325", }, { date: "2015-01-09T02:01:10", db: "PACKETSTORM", id: "129867", }, { date: "2015-01-22T01:35:41", db: "PACKETSTORM", id: "130051", }, { date: "2015-01-09T02:59:02.320000", db: "NVD", id: "CVE-2014-3572", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-11-15T00:00:00", db: "VULMON", id: "CVE-2014-3572", }, { date: "2017-01-23T00:09:00", db: "BID", id: "71942", }, { date: "2016-08-09T00:00:00", db: "JVNDB", id: "JVNDB-2014-007553", }, { date: "2017-11-15T02:29:05.313000", db: "NVD", id: "CVE-2014-3572", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "71942", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OpenSSL of s3_clnt.c Inside ssl3_get_key_exchange In function ECDHE-to-ECDH Vulnerabilities that are subject to downgrade attacks", sources: [ { db: "JVNDB", id: "JVNDB-2014-007553", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Design Error", sources: [ { db: "BID", id: "71942", }, ], trust: 0.3, }, }